Do you trust the non https(http) Arch update servers, or am i being overly cautious?
1 Like
The important thing is package signature checking. If the sigs are okay, you should be fine.
2 Likes
I use the https, but I would have no fear of the http.
3 Likes
Nope, i don’t - i use only https 
4 Likes
EndeavourOS mirrors are all https…
Arch mirrors (that we use too) have both.
Http mirrors can be slightly faster, but anyway I’d recommend using only https mirrors if possible.
8 Likes