RE: [gentoo-mirrors] HTTPS deployments for mirrors: Potential Chrome changes; stats on the existing mirrors

Hello, > Of the HTTP-only mirrors, I went to test if of them had working HTTPS > that wasn't documented in distfiles.xml, and if not, what responses > there were I am a maintainer of the Gentoo mirror at ftp.snt.utwente.nl . In the distfiles.xml [1] we are

[gentoo-mirrors] HTTPS deployments for mirrors: Potential Chrome changes; stats on the existing mirrors

Hi! Upstream Chrome is discussing a potential change that we try to block users following a HTTPS->HTTP for high-risk files, including tarballs. https://lists.w3.org/Archives/Public/public-webappsec/2019Apr/0004.html Further below is some quick analysis I did on the state of HTTP for the mirrors