[oe] checksums situation
Alessandro GARDICH
gremlin at gremlin.it
Sat Feb 28 09:57:07 UTC 2009
Bernhard Guillon wrote:
> Tom Rini wrote:
>> This is one of my points. People think we have security from our
>> current checksum list, but we do not.
>>
>>
> Then we have to make clear that the checksums are for integrity only and
> not for security.
> It is impossible for us to do security. E.g. most sourceforge projects
> do not sign their packages. We would need to review the source of every
> package to see if it does stuff it should not do. We would also need to
> track security updates for packages - which we should do anyway.
>
> Best regards
> Bernhard Guillon
>
> _______________________________________________
> Openembedded-devel mailing list
> Openembedded-devel at lists.openembedded.org
> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-devel
Sincerely I don't feel the need of "security" in OE but that is.
In my opinion the checking of the sources is a feature we can have but
for sure not in a global checksum.ini file, it's unmanageable.
Every recipe, in which is defined a source can have a checksum, as
someone else proposed is a better solution.
Talking about security in a strict way, check the sources have in my
opinion no sense, an "evil" recipe could fetch a well signed source of
ssh (as example) and apply a patch to add a back door.
Checking can be useful but not for security reason, at most just to be
sure the source is what expect to be.
How checksum behave is source is a latest revision of a VCS ?
Other point, I completely dislike the current behaviour : if a source
haven't a checksum fail do build. No please ... the default could be a
warning not a fail!
I'm sure 90% or OE users got a failure, ask for help and now have
OE_STRICT_CHECKSUMS = "" in their local.conf ... have it sense ???
In my opinion the default behaviour have to be a warning, for who is
sensible to a (false) security they can enforce the behaviour (suck as
-Werror for gcc) but no more.
A warning at the end of bitbake build could also be useful, something
like "your final image contain non checked sources", but not a FAIL!
Last but more important : why the hell this feature is in the default
dev branch ??? why wasn't created a "checksum" branch to test it !!!
One thing make OE UNUSABLE for day to day work is the BAD behaviour :
- think a feature
- start (but not finish) to implement it
- push
- make dev branch fail to build
- start to correct/finish the feature
damn, we got git to be easy to branch to test new features!!!
--
/-------------------------------------------------------------\
| Alessandro Gardich : gremlin#gremlin!it |
>-------------------------------------------------------------<
| I never saw a wild thing sorry for itself. |
| A small bird will drop frozen dead from a bough |
| without ever having felt sorry for itself. |
\-------------------------------------------------------------/
More information about the Openembedded-devel
mailing list