while I invested some time in the past updating thirdpartymirrors to add
HTTPS where possible too, I see no point in dropping non-HTTPS mirrors:

Just make sure that HTTPS mirrors are listed first.

From security point of view, we don't get anything from HTTPS because we
maintain and validate checksums for distfiles and thirdpartymirrors file
is only used for distfiles.

Thomas Deutschmann / Gentoo Linux Developer
C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to