[oe] [meta-webserver] cherokee: fix SRC_URI
Emil R. Petersen
erp at movis.dk
Thu Sep 5 12:04:23 UTC 2013
I can see that this is hosted on a University website, but is there a
policy for using non-official mirrors?
This seems like it opens up a lot of potential security problems IMO.
Not only could the third-party mirror be easy to compromise, but how
would be assure we don't use a malicious mirror? Or that a malicious
contributer doesn't add a deliberatively tainted mirror?
In short, is there some sort of policy on when and how we use
third-party mirrors? Is security considerations part of the policy?
Kind Regards,
Emil Petersen
On 05/09/13 13:54, Javier Viguera wrote:
> The package is no longer available in the official cherokee site,
> so download it from a mirror.
>
> Signed-off-by: Javier Viguera<javier.viguera at digi.com>
> ---
>
> Notes:
> To be cherry-picked to Dylan as well.
>
> meta-webserver/recipes-httpd/cherokee/cherokee_1.2.98.bb | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/meta-webserver/recipes-httpd/cherokee/cherokee_1.2.98.bb b/meta-webserver/recipes-httpd/cherokee/cherokee_1.2.98.bb
> index 265e24e..4b2d68d 100644
> --- a/meta-webserver/recipes-httpd/cherokee/cherokee_1.2.98.bb
> +++ b/meta-webserver/recipes-httpd/cherokee/cherokee_1.2.98.bb
> @@ -9,7 +9,7 @@ PR = "r9"
>
> DEPENDS = "libpcre openssl mysql5 ${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
>
> -SRC_URI = "http://www.cherokee-project.com/download/1.2/${PV}/cherokee-${PV}.tar.gz \
> +SRC_URI = "ftp://ftp.osuosl.org/.1/cherokee/1.2/${PV}/cherokee-${PV}.tar.gz \
> file://cherokee.init \
> file://cherokee.service \
> "
> _______________________________________________
> Openembedded-devel mailing list
> Openembedded-devel at lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-devel
More information about the Openembedded-devel
mailing list