> > What is your opinion ? > > could be a MITM from my router and a kernel 0day on the tcp/ip stack > > implementation ? > > could be MITMed pkg_add ? > > the encryption algorithm (AES_128_GCM) behind https is really secure ? > > Can some code be injected in an encrypted stream ?
An internet connection might not suit your use case. Have you considered a self imposed air-gap?