[oe] checksums situation
Tom Rini
trini at kernel.crashing.org
Wed Feb 25 02:25:07 UTC 2009
On Tue, Feb 24, 2009 at 11:01:05PM -0300, Otavio Salvador wrote:
[snip]
> I do belive that the best way to solve it is to have a md5 file together
> with the .bb recipe. This solves the problems for forks, derivatives and
> also makes harder to just use "cat tmp/checksums.ini >> conf/checksums.ini".
Running a script that will make the .sum file isn't any harder really.
And it's still a "this is the checksum we downloaded" not "this is the
checksum upstream says is correct".
> Doing that we'll have a clear way to add the required content, avoid the
> mirror and URL issues and also make simple to forget about useless
> entries in the metadata repository.
>
> Obviously, it is a little more difficult to add the contents but I
> believe that it will enforce more checking by our side before changing a
> hash.
I think there's enough eyes on things now such that people don't just
change checksums.ini and not get called out on it. But that's still an
aside.
--
Tom Rini
More information about the Openembedded-devel
mailing list