[oe] Recent wordpress attacks and md5sum
Holger Freyther
zecke at selfish.org
Sun Mar 4 16:54:08 UTC 2007
Hello,
the recent wordpress attacks illustrates the danger of changed
sourcecode. Luckily we do not package wordpress but our packages
would have contained this backdoor! Now to use the buzz words
terrorism, danger, security and you all should be scared.
Luckily we do not need a homeland security act to avoid this situation:
<THE_MAIN_POINT>
Please add md5sum to your SRC_URI on http/ftp/sctp.
</THE_MAIN_POINT>
sincerly
Secretary and Chief Donk of Free Software Security
PS: I wonder if bitbake should refuse to fetch code without md5sum/
shasum
PPS: Yeah md5 is cracked, so is the sha family, any other options?
More information about the Openembedded-devel
mailing list