On 2/9/21 4:10 PM, Rich Bowen wrote: > > > On 2/9/21 1:09 AM, Chris Drake wrote: >> 1. Your info page here: >> >> https://wiki.centos.org/FAQ/CentOSStream#Where_is_the_source_code.3F >> <https://wiki.centos.org/FAQ/CentOSStream#Where_is_the_source_code.3F> >> >> links to an insecure download resource: >> http://mirror.centos.org/centos/8-stream/ >> <http://mirror.centos.org/centos/8-stream/> > > As a question that gets asked several times a year, it would be great > if someone could update that entry on the wiki (or perhaps link to > somewhere that it's been addressed) to reflect *why* this is http and > https? Done > > In short, it's because downloads are hosted on a mirror network, where > we cannot mandate that every mirror node run SSL/TLS. Well, I suppose > we *could*, but traditionally we have not done so, as the additional > requirement is likely to reduce the number of willing participants in > that mirror network.