[Buildroot] [psa] various server software upgrades

Mike Frysinger vapier at gentoo.org
Tue Dec 8 17:27:52 UTC 2015


On 08 Dec 2015 17:43, Peter Korsgaard wrote:
> >>>>> "Mike" == Mike Frysinger <vapier at gentoo.org> writes:
> 
>  >> I don't believe we will ever bootstrap wget, but we might add
>  >> --no-check-certificates in the future (with the download hashes,
>  >> checking certificates doesn't add much).
> 
>  > except there is no checking on the initial download.
> 
> With initial download I take it you mean Buildroot, right? That we have
> alternatives for (gpg signatures, git clones, download through browser) -
> But sources.buildroot.{net,org} is almost exclusively used by wget, so I
> prefer to not break it for non-sni capable versions.

realistically, how many people do you think actually leverage gpg
signatures?  having transparent https is better imo than people
running old insecure setups and just telling them to use the one
flag when downloading the initial file.  if they're running wget,
then they're probably reading some doc right?  just put a
footnote in there mentioning the flag and old clients.
-mike