If this really bothers you, you build from source. And vet the source code before building images.
This is what I do for my clients. On 1 Jan 2014 05:24, "iyCXLONo mVUTxeyv" <iycxl...@yandex.com> wrote: > Hello, > > Is it possible to download OpenWrt binaries over HTTPS? If not, which > seems to be the case, I want to suggest that HTTPS for downloads is needed. > The HTTP downloads are at risk of man-in-the-middle attacks. For > instance, compromised binaries could be supplied in response to HTTP > download requests. Also, downloads could be eavesdropped to learn the > hardware of a downloader, which increases the risk of the downloader to > targeted attack. > > If this seems like a paranoid concern, it was reported a few days ago that > the NSA is building a network of hacked routers across the globe as part of > its QFIRE program [1]. Given the general state of consumer router > security, it seems unlikely that intelligence agencies are targeting > specifically OpenWrt downloads, but we know both that routers are a target > and that HTTP downloads are a vulnerability, which amounts to a real risk > for OpenWrt users. > > A Trac ticket from April exists for HTTPS downloads, but it has not gotten > much attention [2]. > > [1] http://cryptome.org/2013/12/appelbaum-30c3.pdf, slide 18 > [2] https://dev.openwrt.org/ticket/13346 > > Thanks, > iyCXLONo > _______________________________________________ > openwrt-devel mailing list > openwrt-devel@lists.openwrt.org > https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel >
_______________________________________________ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel