mapkyca!tell benwerd I forgot if I mentioned this before, think I did... your package download is http, not tls. You should probably include a sha hash (bonus points, signed sha hash) on the /opensource/ page so people can verify their package before they install it.
