[oe] checksums situation
Tom Rini
trini at kernel.crashing.org
Tue Feb 24 16:37:51 UTC 2009
On Tue, Feb 24, 2009 at 09:25:26AM -0700, Angus Ainslie wrote:
> On Tue, 2009-02-24 at 17:13 +0100, Michael 'Mickey' Lauer wrote:
> > On Monday, 23.02.2009, at 23:46 -0700, Tom Rini wrote:
> > > I'm going to make a different suggestion. Let's just drop it.
> >
> > I'm in favour of this. I don't think they give us the safety we want and
> > they introduce more inconvenience.
> >
> > Cheers,
> >
>
> Couldn't the default be a stern warning if the checksums don't match and
> distros that want it could change it to an error?
That's not what's causing heartburn. What's causing it is the far more
sources than checksums we have today. Which got me thinking that (as I
said just now in another email) we have a system that's fine for
checking if the tarball changed under me, but worthless for "are the
sources what upstream says they should be", i.e. guarding against trojans.
--
Tom Rini