 
            So let's get this straight..
There are a few CentOS mirrors that redirect their http traffic to https. This is fairly easy nowadays with Let's Encrypt and their automatic cert installation scripts. While I believe that the intention is good, I'm afraid the forced redirects are not actually helping.
I can't speak for other projects, but for CentOS mirrors, I believe that you should respond using the same protocol the request was sent. My concern is that there are organizations (hospitals, banks, research centers etc) that want to make sure no confidential information leaks out from their organization. Connections to random HTTPS sites may get blocked at their firewall because the firewall can't see what's inside the request.
It should also be pointed out that the scripts behind http://mirror-status.centos.org/ will (currently) happily follow all kinds of redirects to retrieve the timestamp file. However, the scripts that create the actual data for mirrorlist.centos.org for each repository are unable to access https URLs. So the moment you set up that redirect to https, your mirror stopped being included in the output of mirrorlist.centos.org.
I have already tried reaching out to a few mirrors doing such redirects, but I have not received a response yet. Those mirrors will eventually be disabled after a few more automatic nag emails, but I'm hoping that those mirror operators would exclude their CentOS mirror traffic from the redirects before that happens.
To be clear, you are free to offer CentOS files over https, but the redirects should be disabled. I can see the CentOS mirror system supporting https and mirrorlist.c.o (optionally) handing out https URLs some day, but even then, I believe that http requests should be answered with http, and https requests should be answered with https.
Thank you for your time!
 
            Am 06.08.2018 um 08:31 schrieb Anssi Johansson:
[...] but even then, I believe that http requests should be answered with http, and https requests should be answered with https.
... if i respond with a HTTP 301, i still answer your HTTP request with HTTP, so nothing wrong here :)
just kidding, SCNR

