I was annoyed by the lack of HTTPS support in APT, so I've created a tool that fills that gap. Others have tackled this problem, I realise, but always at the expense of replacing the APT package itself. This is unnecessary, since it's a modular system. By the simple expedient of using Perl's LWP tools, I've created a drop-in HTTPS method. It uses Perl, LWP and Crypt::SSLeay. You can install the apt-method-https package by adding the following to your sources.list:
If using woody (stable), the /etc/apt/sources.list lines are:deb http://www.roughtrade.net/debian stable amh
If using sid (unstable), the /etc/apt/sources.list lines are:deb http://www.roughtrade.net/debian unstable amh
The version of Crypt::SSLeay in Debian 3.0r2 is too old, so the woody source includes a backport of libcrypt-ssleay-perl version 0.51-1.
With this installed, you'll be able to use sources.list lines of the form:deb https://secure.server.example.com/debian woody main contrib
This is version 0.1 of apt-method-https. I believe it is production ready. Please send me bug reports, feature requests and positive feedback.
This is a patch to an existing patch for Netfilter (i.k.a iptables) adding support for counters per tracked connection. Choose your format!
As of release 3.17.0, I'm maintaining a Debian package of Spread. More details over here.