audit.rb: require https for ftpmirror.gnu.org (#393)

* audit.rb: require https for ftpmirror.gnu.org

The situation is similar to other mirror redirectors: the server
may subsequently redirect to an insecure url. But it's a step.

* manpage: update HOMEBREW_NO_INSECURE_REDIRECT section

2 files changed, 4 insertions, 8 deletions

diff --git a/Library/Homebrew/cmd/audit.rb b/Library/Homebrew/cmd/audit.rb
index 39d58a146..3cfbbe724 100644
--- a/Library/Homebrew/cmd/audit.rb
+++ b/Library/Homebrew/cmd/audit.rb
@@ -1135,12 +1135,7 @@ class ResourceAuditor
   def audit_urls
     # Check GNU urls; doesn't apply to mirrors
     if url =~ %r{^(?:https?|ftp)://(?!alpha).+/gnu/}
-      problem "Please use \"http://ftpmirror.gnu.org\" instead of #{url}."
-    end
-
-    # GNU's ftpmirror does NOT support SSL/TLS.
-    if url =~ %r{^https://ftpmirror\.gnu\.org/}
-      problem "Please use http:// for #{url}"
+      problem "Please use \"https://ftpmirror.gnu.org\" instead of #{url}."
     end
 
     if mirrors.include?(url)
@@ -1154,6 +1149,7 @@ class ResourceAuditor
     urls.each do |p|
       case p
       when %r{^http://ftp\.gnu\.org/},
+           %r{^http://ftpmirror\.gnu\.org/},
            %r{^http://[^/]*\.apache\.org/},
            %r{^http://code\.google\.com/},
            %r{^http://fossies\.org/},
diff --git a/Library/Homebrew/manpages/brew.1.md.erb b/Library/Homebrew/manpages/brew.1.md.erb
index f88d4e091..21fc4f81a 100644
--- a/Library/Homebrew/manpages/brew.1.md.erb
+++ b/Library/Homebrew/manpages/brew.1.md.erb
@@ -180,8 +180,8 @@ can take several different forms:
     to insecure HTTP.
 
     While ensuring your downloads are fully secure, this is likely
-    to cause from-source Sourceforge & GNOME based formulae
-    to fail to download.
+    to cause from-source Sourceforge, some GNU & GNOME based
+    formulae to fail to download.
 
   * `HOMEBREW_NO_GITHUB_API`:
     If set, Homebrew will not use the GitHub API for e.g searches or