Paul Spooren <m...@aparcar.org> [2020-11-24 22:29:00]: Hi,
> Using HTTPS for opkg dramatically slows down download of packages and reload > of indexes. do you've such dramatic numbers handy? > This was mostly introduced to secure the ImageBuilder. However with the > usign signature checking ability added to ImageBuilders, this becomes > obsolete. It is still possible to manually change feeds to HTTPS if desired, > but the default can be HTTP. I don't agree. From my point of view HTTPS is another protection layer and should be enabled by default. It's our safety net against issues like CVE-2020-7982[1] as we know, regressions are quite common in software world. > This was already requested via IRC and accepted somewhat accepted as the > current ustream-wolfssl implementation is broken. If it's broken, then it should be fixed. If it's unmaintained then the package should be disabled or removed. Disabling HTTPS is not going to fix that issue in ustream-wolfssl package as reported in FS#3465. -- ynezz _______________________________________________ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel