Created attachment 185673 [details]
encryption is good
- use https master site
The porters handbook doesn't state anything specifically about using HTTPS MASTER_SITES to this day but it has always been best practice to avoid them or at least have a HTTP site in there for people behind evil proxies. I share your sentiment that "encryption is good" but the integrity of the distfiles is guaranteed hhe SHA256 checksums in the distinfo file. If the HTTP sites would redirect to HTTPS this would justify replacing the HTTP sites but this is not the case. I suggest either leaving it as is or just adding the HTTPS sites without removing the HTTP ones. Feel free to commit either of the two options.
I've added HTTPS alternatives.
A commit references this bug:
Date: Sun Sep 17 13:13:11 UTC 2017
New revision: 449999
- Remove unavailable MASTER_SITES
- Add HTTPS alternatives by request , deliberately keep corresponding HTTP
hosts for providing a variety of sources (not for integrity since this is
guaranteed by the distinfo checksums)
PR: 221725 
Submitted by: xmj