I'm weary of backporting this. We've had a lot of troubles with our SSL certificates, particularly around the JDK not supporting GoDaddy's new certificates. I wouldn't want to introduce such regressions in the stable branch. There's nothing stopping a user from switching themselves to https, but forcing that upon them when it could cause their environment to break is not good.

They were going to try to rekey the GoDaddy cert this week to fix that problem, so it makes sense to at least wait a week to merge this and make sure that problem is solved first.

Another option might be to take off the template change from this PR, so that the portions affecting Play developers are committed, but not the portions affecting Play users.

Let me know if you think either of those options make more sense or if you'd rather just hold off. I'm fine with anything since we were able to get master updated.

@edwardcallahan said SHA-1 cert for repo.typesafe.com has been installed at JFrog

I'd still like to give it some time to settle, let's wait and see if any problems are caused on master before back porting.

Sure. Sounds goods

Just FYI, SBT and activator both made the same change, so there's going to be a desire to keep the https version of the repo working

This change has been made in SBT, master, and elsewhere for quite awhile. Wondering if you feel this is safe to merge now or if we should abandon it. I'm fine either way. Just trying to follow up on outstanding pull requests