[mesh-dev] Lack of HTTPS support in OpenWrt
max b
maxb.personal at gmail.com
Mon Aug 31 11:17:52 PDT 2015
Our excellent colleague Deekoo once went through the buildroot process
horrified at the amount of arbitrary code that was pulled in over
insecure/unauthenticated channels and started building a proxy which would
at least allow for some auditing before incorporation into our firmware. We
have yet to incorporate that into our actual build process :)
I've been looking into buildbot.net a lot lately (it's what the openwrt
folks use) and would love to use it in our development process. In that
case, it would be trivial to copy the final product to an https secured
site for authenticated download.
It is a good question why openwrt is serving all of their firmware
downloads over http. It seems like most of these sorts of issues are just a
lack of developer hours/resources? I'd imagine that sudomesh would sign on
to a request (and maybe even pitch in some $$) if we thought it could get
that fixed....
On Mon, Aug 31, 2015 at 10:35 AM, Mitar <mitar at tnode.com> wrote:
> Hi!
>
> For me it seems that lack of HTTPS support in OpenWrt is really
> problematic. So all packages installation from official repositories go
> over HTTP, if I am not mistaken. Does anyone know why this is not
> something which bothers more people? :-)
>
>
> Mitar
>
> --
> http://mitar.tnode.com/
> https://twitter.com/mitar_m
> _______________________________________________
> mesh-dev mailing list
> mesh-dev at lists.sudoroom.org
> https://sudoroom.org/lists/listinfo/mesh-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://sudoroom.org/lists/private/mesh-dev/attachments/20150831/56b62026/attachment.html>
More information about the mesh-dev
mailing list