[ducksinhats]

Also worth noting that there have been apt RCE's capable of being exploited by a MITM.

https://www.debian.org/security/2016/dsa-3733

https://justi.cz/security/2019/01/22/apt-rce.html

I really don't see how anyone can still defend not using TLS for debian packages.