On Sun, Mar 05, 2017 at 11:15:25PM +0800, Alex Vong wrote:
> Hello,
> 
> In the guix download page[0], it mentions "Source code for the Guix
> System Distribution USB installation images as well as GNU Guix can be
> found on the GNU ftp server for alpha releases:
> http://alpha.gnu.org/gnu/guix/ (via HTTP) and
> ftp://alpha.gnu.org/gnu/guix/ (via FTP).".
> 
> Should we change "http://alpha.gnu.org/gnu/guix/ (via HTTP)" to
> "https://alpha.gnu.org/gnu/guix/ (via HTTPS)"?

Absolutely.

Everyone *should* verify the signatures, but I know that many people do
not. HTTPS makes it harder to perform a man-in-the-middle attack on
those users, and it also gives them some privacy.