GitLab

there should be a submission form for mirrors. if a mirror supports https and is being checked on a regular basis (could be done using a script test downloading the file) it should be relatively safe. for additional security the hosting service should be checked for trustworthyness manually to ensure that it is not fooling the bot by providing a different download for his ip. as long as a mirror is considered safe and up to date it would be kept in a pool like the bridges.

this way people could spread mirrors on all kinds of services and websited making it impossible for a censor to block all mirrors without breaking major parts of the internet.

Trac:
Username: elypter