I thought the proposal [1] is well written but there is one major point it should include:
Sometimes apt/dpkg can contain remotely exploitable bugs which s a big risk when updates are fetched over HTTP. As it happens, anyone could have been in a position to poison the update process and take over the machine because of [CVE-2014-6273] in apt-get [2]. What makes this bug crippling is that updating apt to fix it would have exposed it to what the fix was supposed to prevent. The safest option this time was to manually download the fixed package out of band. Updating from an Onion Service would protect systems from any tampering/attacks at the Exits while bringing all the usual benefits of package metadata privacy.
***
While there's been some progress to setup Debian APT Onion Services [3][4], its still a long way away from being enabled as a safe default. This problem along many others summarized in the Debian wiki [5] (such as upstream patching of chatty apps that leak system information like pip [6]) would make great talking points at the next DebConf.
[1] https://yawnbox.com/index.php/2016/05/03/draft-proposal-for-debian/ [2] http://security-tracker.debian.org/tracker/CVE-2014-6273 [3] http://richardhartmann.de/blog/posts/2015/08/24-Tor-enabled_Debian_mirror/ [4] http://richardhartmann.de/blog/posts/2015/08/25-Tor-enabled_Debian_mirror_pa... [5] https://wiki.debian.org/TorifyDebianServices [6] https://lists.debian.org/debian-security/2016/05/msg00059.html