I am Debian user trying to use Manjaro on secondary notebook.
In Debian I can easily set package manager (apt) to use tor instead of direct connection: just install apt-transport-tor package. I have not found same thing in Manjaro/Arch. Yes, I can use torsocks with pacman but official package-guided way like in Debian is better option.
Tor connection to repos adds extra privacy and security, so this option is desired.
I highly doubt tor is THAT privat and secure. You never know who has the exit node. We know actually… a lot of the nodes are in the hands of cybercriminals and some abreviated agencies.
p.s. nothing against your idea, just a personal opinion. I will move the topic to feedback, since it is an idea for new feature.
Good point there. Plus, you don’t actually know where file-chunks are coming from.
If anything, I’d think it is less secure, and probably slower. 
No matter who runs exit node if connection is encrypted (like https in web).
In onion domain (hidden service) there are no exit nodes at all. Debian even runs official onion services for repo mirrors. No same things in Arch/Manjaro?
Though onion domains for repos are not so necessary, just official torifier for pamac/pacman in first place.
Tor gives more privacy vs ISP and other local agents
…that will most likely never happen. Manjaro also does not develop pacman. 
That’s probably the best idea. I don’t think there are any onion mirrors.
I searched the interwebs for pacman with tor and found this Artix thread that might help:
Who does, Arch?
In Debian I just took “core” Debian distro, not a derivative. In Arch I took Manjaro just to have more GUI-oriented Arch (not just console installer).
Pamac does not connect to the Internet? Is it just a GUI for pacman like Synaptic for apt in Debian?
Pamac is not just a wrapper, but a package manager that uses the pacman library libalpm internally.
Yes, that is correct.
Nope. Pamac is Manjaro package manager. Reason why Pacman is installed is because Pamac still use some parts of Pacman libraries.
That’s not the only reason. The primary reason why it’s installed is because it’s both the original and better package manager for Arch-based distributions. 
I worship church of Pamac, so your opinion is discarded and will be erased from my memory after few minutes. Pamac is one and only 
Why don’t you just use https mirrors?
Well, there are also people who worship Microsoft Windows and willfully remain ignorant of its poor design, its many security holes, its vendor lock-in strategy, and even the fact that by using Microsoft Windows — or for that matter, macOS — not only do they no longer own the computer they paid for with their own money, but their computer is also being used by governments and black hats alike¹ in all kinds of nefarious and unethical activities.
pamac has serious issues at the moment, so if you worship it and prefer it before pacman, then that decision is yours, but then so will the breakage be.
Don’t come crying to us and tell us we didn’t warn you. 
Âą Is there any difference, really?
Tor doesn’t “give more privacy” in a general sense; it hides your destination from your ISP while introducing new trust points.
It’s more like a trust shift, not removal.
For something like a package manager, Tor doesn’t meaningfully improve the security model:
So in this context, Tor is mostly adding latency and complexity without improving security.
In my opinion - tor is useful - but using it as a general purpose routing engine to update your system is abuse of the service.
Not to mention completely pointless, and, due to the fact that the TOR network has already been compromised by bad actors — which includes surveillance-happy alphabet soup government agencies — actually the opposite of what one would want to achieve by using TOR anyway.
The said agencies actually heavily financed the development of tor
Anyways, as said, unless you live in a country blocking access to all mirrors, it doesn’t make sense. And then you are in need of vpn anyway.
It was a joke referring to Editor war, so I don’t understand why you take it personally or something.
I use Pamac from almost beginning (mainly because I was curious what is so bad about it), reported issues many times before directly on GitLab, so don’t worry, you don’t see me crying.
I can’t be that lucky that long. I assume part of issues happens because of flipping both package managers, but this is subject for another discussion in proper tread.
