Original issue filed by @beamerblvd on 2015-04-25 in Bugzilla, copied here because it still has not been responded to and is still an issue:
VyOS is often installed on security-critical firewall hardware. Offering HTTP-only packages and HTTP-only downloads presents a security vulnerability. To that end:
- http://packages.vyos.net should be available via HTTPS
- ISO downloads should be available via HTTPS