Supply chain attacks are gaining in popularity and it would be good for Peplink to offer additional assurance that downloaded firmware is legit. Thanks to Solar Winds, everyone knows that depending on HTTPS is insufficient.
One approach is to publish a hash of each firmware version. A simpler, but related, approach would be to publish the exact size, in bytes, of each firmware version. Or both.
Peplink routers do some verification of new firmware before installing it. Explaining what is validated would also be re-assuring.
Finally, a firmware Release Candidate should be clearly identified as such. This is already done with Beta releases. I mention this because 8.1.1 RC2 self identifies as 8.1.1 build 4991, with no mention of it being a Release Candidate.
Thank you.