From: Stefan Kangas <stefankangas@gmail.com>
Date: Mon, 16 Sep 2019 19:09:32 +0000 (+0200)
Subject: Recommend using https for package-archives
X-Git-Tag: emacs-27.0.90~1535
X-Git-Url: http://git.eshelyaron.com/gitweb/?a=commitdiff_plain;h=f1f2de7cdfa5e20577bbc2e2bf29de4cce525002;p=emacs.git

Recommend using https for package-archives

* lisp/emacs-lisp/package.el (package-archives): Recommend using https
sources where possible.  (Bug#33825)
---

diff --git a/lisp/emacs-lisp/package.el b/lisp/emacs-lisp/package.el
index ef0c5171de6..1e136cb54f7 100644
--- a/lisp/emacs-lisp/package.el
+++ b/lisp/emacs-lisp/package.el
@@ -214,7 +214,10 @@ Each element has the form (ID . LOCATION).
   (Other types of URL are currently not supported.)
 
 Only add locations that you trust, since fetching and installing
-a package can run arbitrary code."
+a package can run arbitrary code.
+
+HTTPS URLs should be used where possible, as they offer superior
+security."
   :type '(alist :key-type (string :tag "Archive name")
                 :value-type (string :tag "URL or directory name"))
   :risky t