Some repositories such as cms.osgstorage.org require https for even the metadata. They need to be able to have their whitelists signed on oasis, but they should not be replicated on oasis-replica (or the FNAL or UNL stratum 1s). Currently add_osg_repository does not support https at all.

Beginning with the September 12 oasis update, add_osg_repository is automatically called on both oasis and oasis-replica based on the URL registered in OIM. An http address might be good enough for adding the repository on oasis because the .cvmfs* files don't need to be protected, but if we stayed with registering that address in OIM we wouldn't have a way to prevent adding it on oasis-replica.

One possible solution is to switch to registering https addresses in OIM, and make add_osg_repository support https on oasis and do nothing on oasis-replica. Another possibility is to add another field in OIM for this case.

Currently the workaround for this issue is to temporarily put the http address in OIM until it is added on oasis, then remove it from OIM and also manually remove the repository from oasis-replica (step 5 of the shutdown procedure).