[oe] checksums situation
Tom Rini
trini at kernel.crashing.org
Tue Feb 24 22:17:28 UTC 2009
On Tue, Feb 24, 2009 at 11:10:05PM +0100, GNUtoo wrote:
[snip]
> *security: that is also very important as threats are growing:
> **nasty threats are growing(at least that's what I heard in the press)
> such as computer infections(malware etc..)
> **intrusion into citizen's computer by the state is legal in some countries:
> http://yro.slashdot.org/article.pl?sid=09/01/04/2042242
> **sometimes distributions repository get compromised
> http://www.vnunet.com/vnunet/news/2224622/red-hat-admits-getting-hacked
This is exactly why I think we should drop what we have now. If we want
security then we need to do something like verify the signed md5 (or
sha or what have you) that projects that care enough to do it provide.
Otherwise it's a false sense of security we've got.
--
Tom Rini
More information about the Openembedded-devel
mailing list