https mirror

Well, probably you know about a recent apt security vulnerability.

Debian mirror servers are not run by Debian system admins but mirror admins kindly offer their servers and network capacities to our users. So, providing https support depends on them, we cannot force it.

How about starting from providing https support for our mirrors?

Then, ask whether they can provide https to our mirror admins and treat https mirror as the first choice in mirror selection during installation (through debian-installer).