Re: [OpenWrt-Devel] HTTPS for binaries

2014-01-02 Thread Lukas Macura
Hi to all, I see that there is nice discussion about HTTPS, SSL and systime. This is nice place to interact :) Even if it sounds like more issues, in fact, there is big issue to increase security in openwrt. We are building BESIP images, based on OpenWrt. And we are trying to solve more prob

Re: [OpenWrt-Devel] HTTPS for binaries

2014-01-02 Thread David Lang
On Thu, 2 Jan 2014, Peter Lawler wrote: On 01/01/14 23:11, Weedy wrote: If this really bothers you, you build from source. And vet the source code before building images. This is what I do for my clients. Someone also mentioned this approach on the trac issue[0], so I'll use same comments he

Re: [OpenWrt-Devel] HTTPS for binaries

2014-01-02 Thread Peter Lawler
On 01/01/14 23:11, Weedy wrote: > If this really bothers you, you build from source. And vet the source code > before building images. > > This is what I do for my clients. Someone also mentioned this approach on the trac issue[0], so I'll use same comments here as well. No offence meant by not p

Re: [OpenWrt-Devel] HTTPS for binaries

2014-01-01 Thread David Newall
On 1 Jan 2014 05:24, "iyCXLONo mVUTxeyv" > wrote: Is it possible to download OpenWrt binaries over HTTPS? On 01/01/14 22:41, Weedy wrote: If this really bothers you, you build from source. And vet the source code before building images. If they can be downloade

Re: [OpenWrt-Devel] HTTPS for binaries

2014-01-01 Thread etienne . champetier
Hi - Mail original - > De: "Weedy" > À: "OpenWrt Development List" > Envoyé: Mercredi 1 Janvier 2014 13:11:08 > Objet: Re: [OpenWrt-Devel] HTTPS for binaries > > If this really bothers you, you build from source. And vet the source > code befor

Re: [OpenWrt-Devel] HTTPS for binaries

2014-01-01 Thread Peter Lawler
On 01/01/14 21:23, iyCXLONo mVUTxeyv wrote: > Hello, > > Is it possible to download OpenWrt binaries over HTTPS? If not, which seems > to be the case, I want to suggest that HTTPS for downloads is needed. The > HTTP downloads are at risk of man-in-the-middle attacks. For instance, > compromi

Re: [OpenWrt-Devel] HTTPS for binaries

2014-01-01 Thread Weedy
If this really bothers you, you build from source. And vet the source code before building images. This is what I do for my clients. On 1 Jan 2014 05:24, "iyCXLONo mVUTxeyv" wrote: > Hello, > > Is it possible to download OpenWrt binaries over HTTPS? If not, which > seems to be the case, I want

[OpenWrt-Devel] HTTPS for binaries

2014-01-01 Thread iyCXLONo mVUTxeyv
Hello, Is it possible to download OpenWrt binaries over HTTPS? If not, which seems to be the case, I want to suggest that HTTPS for downloads is needed. The HTTP downloads are at risk of man-in-the-middle attacks. For instance, compromised binaries could be supplied in response to HTTP downl