Our excellent colleague Deekoo once went through the buildroot process horrified at the amount of arbitrary code that was pulled in over insecure/unauthenticated channels and started building a proxy which would at least allow for some auditing before incorporation into our firmware. We have yet to incorporate that into our actual build process :) I've been looking into buildbot.net a lot lately (it's what the openwrt folks use) and would love to use it in our development process. In that case, it would be trivial to copy the final product to an https secured site for authenticated download. It is a good question why openwrt is serving all of their firmware downloads over http. It seems like most of these sorts of issues are just a lack of developer hours/resources? I'd imagine that sudomesh would sign on to a request (and maybe even pitch in some $$) if we thought it could get that fixed.... On Mon, Aug 31, 2015 at 10:35 AM, Mitar <mitar(a)tnode.com> wrote:

In that case, it would be trivial to copy the final product to an https secured site for authenticated download.

It is a good question why openwrt is serving all of their firmware downloads over http. It seems like most of these sorts of issues are just a lack of developer hours/resources? I'd imagine that sudomesh would sign on to a request (and maybe even pitch in some $$) if we thought it could get that fixed.... On Mon, Aug 31, 2015 at 10:35 AM, Mitar <mitar(a)tnode.com> wrote: