Arch Linux

$ curl https://bird.network.cz/pub/bird/bird-2.0.7.tar.gz
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL was not found on this server.</p>
</body></html>

I'll contact upstream to get it sorted and post another comment here when it's fixed.

I checked several times all my packages to switch them to https.
So, don't open a bug report to fix something which is not fixable.
Https is not mandatory, it's a privacy first solution for our links.

https://bird.network.cz/debian/pool/main/b/bird2/bird2_2.0.7.orig.tar.gz

That's a path inside a debian shared pool. It's not clean, I prefer stick with the official path.
Cleaner solution would be to grab the sources via their https gitlab, but requires to change from released tarballs to sources based, and as they use autotools, it's not equivalent.

That tarball has exactly the same sha256sum and md5sum as the one you're currently using, so it is clean in that regard.

Also, I don't see why the URL should be an issue. It's the same official server, run by the same project. If it is good enough for upstream to build their official Debian packages from that tarball, why shouldn't it be good enough for Archlinux to use?

Moreover, as upstream doesn't seem to sign their release tarballs nor publish any cryptographic checksums on their HTTPS site, I'd actually consider it a security benefit to use HTTPS instead of FTP.

Can the following URL be used for the PKGBUILD?

https://bird.network.cz/download/

It appears to serve a regular tarball:

https://bird.network.cz/download/bird-2.0.7.tar.gz

Looks great. Updated!