Our excellent colleague Deekoo once went through the buildroot process
horrified at the amount of arbitrary code that was pulled in over
insecure/unauthenticated channels and started building a proxy which would
at least allow for some auditing before incorporation into our firmware. We
have yet to incorporate that into our actual build process :)
I've been looking into
buildbot.net a lot lately (it's what the openwrt
folks use) and would love to use it in our development process. In that
case, it would be trivial to copy the final product to an https secured
site for authenticated download.
It is a good question why openwrt is serving all of their firmware
downloads over http. It seems like most of these sorts of issues are just a
lack of developer hours/resources? I'd imagine that sudomesh would sign on
to a request (and maybe even pitch in some $$) if we thought it could get
that fixed....
On Mon, Aug 31, 2015 at 10:35 AM, Mitar <mitar(a)tnode.com> wrote:
Hi!
For me it seems that lack of HTTPS support in OpenWrt is really
problematic. So all packages installation from official repositories go
over HTTP, if I am not mistaken. Does anyone know why this is not
something which bothers more people? :-)
Mitar
--
http://mitar.tnode.com/
https://twitter.com/mitar_m
_______________________________________________
mesh-dev mailing list
mesh-dev(a)lists.sudoroom.org
https://sudoroom.org/lists/listinfo/mesh-dev