[yocto] Yocto Project Manual

Rifenbark, Scott M scott.m.rifenbark at intel.com
Tue Jul 29 03:27:23 PDT 2014


Tiemo, 

Thanks for noting this and contacting me.  I am reposting to the yocto at yoctoproject.org group for additional input.  I will get modifications into the manual. 

Best, 
Scott

>-----Original Message-----
>From: Tiemo Krüger [mailto:tk at mycable.de]
>Sent: Tuesday, July 29, 2014 2:50 AM
>To: Rifenbark, Scott M
>Subject: Yocto Project Manual
>
>Hello Scott,
>
>I just read a little bit in this doc:
>
>http://www.yoctoproject.org/docs/1.6/dev-manual/dev-manual.html#new-recipe-writing-a-new-recipe
>
>and since your email is mentioned at the top, I am contacting you regarding the
>paragraph below in chapter 5.3.5
>
>"To find these checksums, you can comment the statements out and then
>attempt to build the software. The build will produce an error for each missing
>checksum and as part of the error message provide the correct checksum string.
>Once you have the correct checksums, simply copy them into your recipe for a
>subsequent build."
>
>We here really think this is the wrong way to create the checksums for a recipe,
>since downloading them and then creating the checksum doesn't protect you
>against man-in-the-middle attacks. The text should be modified so that the
>checksums must at least be checked against the checksums provided by the
>original website, even if this is still not completely safe. And simple command
>line tools like md5sum and sha256sum shall be mentioned.
>
>Would be great if you could take care of this for the next release of the doc.
>
>best regards,
>
>Tiemo
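
The check requested in the quoted message, as an added example that is not part of the original thread or of the Yocto manual: compare the downloaded source against the SHA-256 published by the upstream website before writing any checksum into the recipe. The function name `recipe_checksums` is hypothetical, the published value is assumed to have been copied from the upstream site separately from the download, and the sample file is constructed.

```shell
#!/bin/sh
# Added example (not from the thread or the Yocto manual).
# recipe_checksums FILE PUBLISHED_SHA256   (hypothetical helper name)
# Prints SRC_URI checksum lines for a recipe only when FILE's SHA-256
# equals the value published by upstream. Returns 1 on mismatch and
# 2 on bad input, so nothing unverified can be pasted into a recipe.
recipe_checksums() {
    file=$1
    # Normalise case: some sites publish upper-case hex digests.
    published=$(printf '%s' "$2" | tr 'A-F' 'a-f')

    [ -r "$file" ] || { echo "cannot read: $file" >&2; return 2; }
    case $published in
        ""|*[!0-9a-f]*) echo "published value is not hex" >&2; return 2 ;;
    esac
    [ "${#published}" -eq 64 ] || { echo "not a SHA-256 digest" >&2; return 2; }

    actual=$(sha256sum "$file" | cut -d' ' -f1)
    if [ "$actual" != "$published" ]; then
        echo "MISMATCH for $file" >&2
        echo "  published: $published" >&2
        echo "  computed:  $actual" >&2
        return 1
    fi

    # Only after the match are the recipe lines emitted. The md5sum is
    # taken from the same, now verified, file.
    printf 'SRC_URI[md5sum] = "%s"\n' "$(md5sum "$file" | cut -d' ' -f1)"
    printf 'SRC_URI[sha256sum] = "%s"\n' "$actual"
}

# Demo on constructed data: a stand-in "tarball" containing "hello\n".
demo=$(mktemp)
printf 'hello\n' > "$demo"
good=5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03

recipe_checksums "$demo" "$good"

# Simulate content altered in transit: the published value no longer matches.
printf 'extra' >> "$demo"
recipe_checksums "$demo" "$good" || echo "rejected: do not copy these checksums"
rm -f "$demo"
```

As the quoted message notes, this is only as trustworthy as the channel the published checksum came from.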

