HTTP-only download mirror
Is there a good reason why "downloads.cinc.sh" are served only via plaintext/insecure HTTP?
Even if OSUOSL is not supporting custom domain certificates, a fronting-cache+TLS could be easily setup with help of Fastly's Fast Forward or Clouflare. Alternatively, you could probably use GitLab's Release assets functionality (optionally, with GitLab for Open Source plan).
Edit:
I see that similar issue was already raised as client#45. A working solutions hence could also be a use of "https://cinc.osuosl.org/*" as HTTPS enabled download URL instead of "http://downloads.cinc.sh/*".
Edited by GWyGUnTSl87prGVbp9wDhkSY4BsPDmPy