yesterday they were also serving a update catalog index that did not match it's signature https://downloads.dell.com/catalog/CatalogIndex.gz // https://downloads.dell.com/catalog/CatalogIndex.gz -- but that was fixed after I complained

and their idrac based firmware updater downloads http(s)://downloads.dell.com/Catalog/Catalog.xml.gz without checking the signature -- and by default without verifying https certificates when using https :D