diff --git a/Library/Homebrew/cmd/audit.rb b/Library/Homebrew/cmd/audit.rb
index 3c26eeb974226e65c39efc83d0283716499a2593..c4e0fb619e0aa743f6360d9cbb5d319d8dcaac52 100644
--- a/Library/Homebrew/cmd/audit.rb
+++ b/Library/Homebrew/cmd/audit.rb
@@ -1192,6 +1192,7 @@ class ResourceAuditor
            %r{^http://tools\.ietf\.org/},
            %r{^http://launchpad\.net/},
            %r{^http://bitbucket\.org/},
+           %r{^http://anonscm\.debian\.org/},
            %r{^http://cpan\.metacpan\.org/},
            %r{^http://hackage\.haskell\.org/},
            %r{^http://(?:[^/]*\.)?archive\.org},
@@ -1202,6 +1203,8 @@ class ResourceAuditor
         problem "#{p} should be `https://cpan.metacpan.org/#{$1}`"
       when %r{^(http|ftp)://ftp\.gnome\.org/pub/gnome/(.*)}i
         problem "#{p} should be `https://download.gnome.org/#{$2}`"
+      when %r{^git://anonscm\.debian\.org/users/(.*)}i
+        problem "#{p} should be `https://anonscm.debian.org/git/users/#{$1}`"
       end
     end
 
@@ -1250,6 +1253,17 @@ class ResourceAuditor
       end
     end
 
+    # Debian has an abundance of secure mirrors. Let's not pluck the insecure
+    # one out of the grab bag.
+    urls.each do |u|
+      next unless u =~ %r{^http://http\.debian\.net/debian/(.*)}i
+      problem <<-EOS.undent
+        Please use a secure mirror for Debian URLs.
+        We recommend:
+          https://mirrors.ocf.berkeley.edu/debian/#{$1}
+      EOS
+    end
+
     # Check for Google Code download urls, https:// is preferred
     # Intentionally not extending this to SVN repositories due to certificate
     # issues.