On Tue, Apr 20, 2021 at 1:46 PM Shachar Menashe <[email protected]> wrote: > > Last time we talked about this I thought we would need to change something in > openssl build settings to make the openssl binary get built just for this > solution, and that was what got rejected. > But actually now I see (or perhaps it got changed) that the openssl binary is > built anyways, in any build that already relies on openssl. > So my suggestion is to enable this feature. Like I said in builds with > openssl it will make everything more secure in a transparent manner, and in > builds without openssl it will display a warning just like today. > I wouldn't consider it a hacky solution since this is the official solution > for this issue.
It's very clearly a hack. Maybe it's the "official solution" for supporting https with busybox wget, but OE has a wider scope - we're not limited to busybox wget if a better overall solution is available. > This is also exacerbated due to the fact that there are no other alternatives > for secure download from CLI (ex. the sato build doesn't contain the "curl" > standalone binary) I don't see an issue with adding curl to any OE reference image which needs an https client. > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#150728): https://lists.openembedded.org/g/openembedded-core/message/150728 Mute This Topic: https://lists.openembedded.org/mt/82240467/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
