Eli Zaretskii <eliz@gnu.org> writes:

> > How about also adding a recommendation to use https, as far as
> > possible, for package archives?  I guess that could be added to both
> > the doc string of package-archives and possibly also the manual.  That
> > would help security and avoid issues such as these.
>
> I'd leave this out of the manual.  Doc string should be enough.

Thanks.  How about the attached patch?

Best regards,
Stefan Kangas