Noticed the dl.platformio.org manifest was using http instead of https - but dl.platformio.org has a valid SSL certificate and is answering https requests correctly.
Since it's downloading binaries that are executed on the host machine, this is also good for security - in theory (I think, not tested) it should be possible to intercept the traffic and offer a new toolchain for example with malicious binaries.
Noticed the dl.platformio.org manifest was using http instead of https - but dl.platformio.org has a valid SSL certificate and is answering https requests correctly.
Since it's downloading binaries that are executed on the host machine, this is also good for security - in theory (I think, not tested) it should be possible to intercept the traffic and offer a new toolchain for example with malicious binaries.