If you go to the mirrors page you’ll see cdimage.debian.org under Sweden and it’s an http link. My guess is that the link is just misconfigured on the home page. It’s helpful to avoid https for things like this because it allows you to download updates on machines with outdated security software, eg TLS 1.0/1.1.

It should be encrypted by default because most people don’t take care to dispose of their machines responsibly. I picked up a few machines destined for ewaste and the hard drives were full of tax returns.

I needed to make a docker image based on Core OS (RedHat) and the docker host had to be RHEL compatible. My machine is Ubuntu. To get it to work, I installed Rocky Linux on LXC and docker inside that machine. Turns out there are a lot of security settings isolating LXC and restricting nested virtualization, but fortunately Canonical posts a 20 minute video explaining how to modify the permissions for that use case. I cannot imagine virtualizing much further without the machine refusing to comply!

Did you actually get that to run or is this a fun thought exercise? It seems like a lot of nested virtualization. If you’re clever enough maybe you could get Windows > WSL > WSL Wayland compatibility layer > Ubuntu Wayland session > LXC > Fedora > QEMU > macOS > Wine > Windows app