The entire openwrt thread is at:
    https://lists.openwrt.org/pipermail/openwrt-devel/2024-March/042499.html
continuing at:
    https://lists.openwrt.org/pipermail/openwrt-devel/2024-April/042521.html


Daniel Golle <dan...@makrotopia.org> wrote:
    > However, after reading up about the details of this backdoored release
    > tarball, I believe that the current tendency to use tarballs rather
    > than (reproducible!) git checkouts is also problematic to begin with.

    > Stuff like 'make dist' seems like a weird relic nowadays, creates more
    > problems than it could potentially solve, bandwidth is ubiquitous, and
    > we already got our own tarball mirror of git checkouts done by the
    > buildbots (see PKG_MIRROR_HASH). So why not **always** use that
    > instead of potentially shady and hard to verify tarballs?

I wonder if we should nuke our own make tarball system.

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
]     m...@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [

_______________________________________________
tcpdump-workers mailing list -- tcpdump-workers@lists.tcpdump.org
To unsubscribe send an email to tcpdump-workers-le...@lists.tcpdump.org