On Tue, Apr 20, 2021 at 1:46 PM Shachar Menashe <[email protected]> wrote: > > Last time we talked about this I thought we would need to change something in > openssl build settings to make the openssl binary get built just for this > solution, and that was what got rejected. > But actually now I see (or perhaps it got changed) that the openssl binary is > built anyways, in any build that already relies on openssl. > So my suggestion is to enable this feature. Like I said in builds with > openssl it will make everything more secure in a transparent manner, and in > builds without openssl it will display a warning just like today.
How much does busybox size grow with this? I think we will have to add openssl dependency on it, or else default wget behavious will be less than ideal. right now perhaps using gnu wget is a standalone solution but I do understand that it may not be usable in some cases. > I wouldn't consider it a hacky solution since this is the official solution > for this issue. > This is also exacerbated due to the fact that there are no other alternatives > for secure download from CLI (ex. the sato build doesn't contain the "curl" > standalone binary) certainly, add curl to default reference images would be fine. > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#150719): https://lists.openembedded.org/g/openembedded-core/message/150719 Mute This Topic: https://lists.openembedded.org/mt/82240467/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
