No, you cannot trust just a hostname. Ever heard of MITM attacks? For example maemo repositories are not even behind https. My stubbornness argument stays. I never heard any rational or technical reasons why deb-systems insist to stay using deb and be somewhat incompatible from rest of the LSB-systems. Also in Fedora (and all Linux distros) there are applications developed in deb-based system, and I feel little insecure when I know those same developers do install software packages without checking for authentication correctly. (I've seen it happen here in talk.maemo.org also).