Bloat » Cerowrt

As Jon Corbet points out here: http://lwn.net/Articles/451837/

"There is one important implication here: routinely updating packages is not something that OpenWrt users do. At even a low level of package churn, the available storage space would likely run out in a hurry. To make things worse, the bootloader requires the kernel to be placed in flash ahead of the first filesystem. Since (1) the kernel is not stored in the filesystem itself, and (2) a change in kernel size requires relocating the filesystems that come after it, it's really not possible to update the kernel on an OpenWrt installation. OpenWrt does make it relatively easy to update the entire distribution - configuration files are preserved - but that is not something administrators will do often.

That adds up to a bit of a scary situation. Routers are often in the position of being fully exposed to the Internet and having full access to the local network. They are an obvious target for attack, especially when they are capable of running anything that can be put onto a Linux system. The net is not full of stories of exploitable OpenWrt vulnerabilities, but the possibility always exists, especially if some of the more complex or obscure packages are installed. It seems solid, but your editor would sleep much better if OpenWrt had a better way to install updates and a process for dealing with security issues. "

As would I.