[oe] Recent wordpress attacks and md5sum

Koen Kooi koen at dominion.kabel.utwente.nl
Sun Mar 4 17:02:50 UTC 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Holger Freyther wrote:
> Hello,
> the recent wordpress attacks illustrate the danger of changed
> source code. Luckily we do not package wordpress but our packages
> would have contained this backdoor! Now to use the buzz words
> terrorism, danger, security and you all should be scared.
> Luckily we do not need a homeland security act to avoid this situation:
> 
> <THE_MAIN_POINT>
> Please add md5sum to your SRC_URI on http/ftp/sctp.
> </THE_MAIN_POINT>

I have a bunch of sources, but how do I know that these have the correct md5sum? Should we
all run md5sum on our DL_DIR and compare results?


> PS: I wonder if bitbake should refuse to fetch code without md5sum/shasum

Another extension for insane.bbclass? How do we handle mirrors for svn/cvs checkouts?

regards,

Koen
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)

iD8DBQFF6vu6MkyGM64RGpERArrVAJ9E0JteKkamkU0hyL/ZBhKEZrApjwCfUmbH
a89nPtPAdSUsw7f7gmrGZ28=
=oOhM
-----END PGP SIGNATURE-----
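
An added example, not part of the original message or of OpenEmbedded's code: a sketch of the "run md5sum on our DL_DIR and compare results" idea from the reply above. It takes `md5sum` output from several developers and flags files whose checksums disagree or that only one developer has. The developer names, file names and contents are constructed for illustration.

```python
import hashlib
from collections import defaultdict

HEX = set("0123456789abcdef")

def md5_listing(files):
    """Emit `md5sum`-style lines for {name: bytes}; stands in for running md5sum in DL_DIR."""
    return [f"{hashlib.md5(data).hexdigest()}  {name}" for name, data in sorted(files.items())]

def parse_listing(lines):
    """Parse md5sum output: 32 hex digits, then '  ' (text) or ' *' (binary), then the name."""
    parsed = {}
    for raw in lines:
        line = raw.rstrip("\n")
        if not line.strip():
            continue
        digest, sep, name = line[:32].lower(), line[32:34], line[34:]
        if len(digest) != 32 or set(digest) - HEX or sep not in ("  ", " *") or not name:
            raise ValueError(f"not an md5sum line: {raw!r}")
        parsed[name] = digest
    return parsed

def compare(listings):
    """Map each file name to AGREE, MISMATCH or UNCONFIRMED across {developer: lines}."""
    seen = defaultdict(dict)
    for dev, lines in listings.items():
        for name, digest in parse_listing(lines).items():
            seen[name][dev] = digest
    report = {}
    for name, by_dev in sorted(seen.items()):
        if len(set(by_dev.values())) > 1:
            report[name] = "MISMATCH"      # at least one copy differs
        elif len(by_dev) < 2:
            report[name] = "UNCONFIRMED"   # only one copy, nothing to compare against
        else:
            report[name] = "AGREE"
    return report

# Constructed sample data: file names and contents are made up.
ALICE = md5_listing({"foo-1.0.tar.gz": b"release bytes", "bar-2.1.tar.bz2": b"bar bytes"})
BOB = md5_listing({"foo-1.0.tar.gz": b"release bytes + extra code", "bar-2.1.tar.bz2": b"bar bytes",
                   "baz-0.3.tar.gz": b"baz bytes"})

if __name__ == "__main__":
    for name, status in compare({"alice": ALICE, "bob": BOB}).items():
        print(f"{status:12} {name}")
```

AGREE only means the compared copies are identical to each other; it says nothing about whether the upstream file was already modified when everyone fetched it.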



