[oe] checksums situation

Bernhard Guillon Bernhard.Guillon at opensimpad.org
Thu Feb 26 12:50:58 UTC 2009


Tom Rini wrote:
> This is one of my points.  People think we have security from our
> current checksum list, but we do not.
>
>   
Then we have to make clear that the checksums are for integrity only and 
not for security.
It is impossible for us to do security. E.g. most SourceForge projects 
do not sign their packages. We would need to review the source of every 
package to see if it does stuff it should not do. We would also need to 
track security updates for packages - which we should do anyway.

Best regards
Bernhard Guillon



