From f1f2de7cdfa5e20577bbc2e2bf29de4cce525002 Mon Sep 17 00:00:00 2001 From: Stefan Kangas Date: Mon, 16 Sep 2019 21:09:32 +0200 Subject: [PATCH] Recommend using https for package-archives * lisp/emacs-lisp/package.el (package-archives): Recommend using https sources where possible. (Bug#33825) --- lisp/emacs-lisp/package.el | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/lisp/emacs-lisp/package.el b/lisp/emacs-lisp/package.el index ef0c5171de6..1e136cb54f7 100644 --- a/lisp/emacs-lisp/package.el +++ b/lisp/emacs-lisp/package.el @@ -214,7 +214,10 @@ Each element has the form (ID . LOCATION). (Other types of URL are currently not supported.) Only add locations that you trust, since fetching and installing -a package can run arbitrary code." +a package can run arbitrary code. + +HTTPS URLs should be used where possible, as they offer superior +security." :type '(alist :key-type (string :tag "Archive name") :value-type (string :tag "URL or directory name")) :risky t -- 2.39.5
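Review bot: The new docstring sentence for `package-archives` ("HTTPS URLs should be used where possible, as they offer superior security.") does not say what HTTPS is superior to or which risk it addresses, so it reads as general advice instead of following from the preceding warning that "fetching and installing a package can run arbitrary code". Consider naming the comparison and the threat, for example that HTTPS, unlike plain HTTP, authenticates the archive server and protects package data from modification in transit. The wording should also make clear that HTTPS complements the "Only add locations that you trust" requirement and does not replace it, since an HTTPS URL for an untrusted archive is still an untrusted source of code. "Where possible" leaves open what a user should do when an archive is reachable only over HTTP; a short clause on that case would help.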