RPM/APT repos are available via HTTPS - tell people to use HTTPS - not HTTP
You are instructing users to configure their systems to fetch updates via http [1][2] - not https. This is no big deal for debian/ubuntu since repo metadata is signed via GPG, but you don't sign your RPM repo metadata #12871 (moved). So HTTPS is an actual security improvement over HTTP in that case.
So it would be best to update the pages to point towards https instead of http.
[1] https://www.torproject.org/docs/rpms.html.en [2] https://www.torproject.org/docs/debian.html.en