TBB makefile downloads deps unauthenticated
Just noticed that the TBB build system does not authenticate the dependencies it downloads. Some of the URLs (in versions*.mk) are plain HTTP and FTP, but even for HTTPS, wget is called with --no-check-certificate. And I don't see any verification of checksums or signatures going on here.
Is the TBB build somehow decentralized and redundant, like the Bitcoin people do it, so that this doesn't matter?