>>>>> On Sun, 06 Sep 2015 20:56:08 +0200, Christian Meyer <[email protected]> said:
> FAI can download $FAI_CONFIG_SRC via http for example from a website.
> To secure this *.tar.gz archive a .md5 file (containing the *.tar.gz's
checksum)is neccessary.
> Without this .md5-file FAI aborts the installation. That's good and
expected.
> BUT: If the .md5-file contains the wrong checksum (I manually changed it
for testing purpuses)
> the installation is continued anyway - using the downloaded config.
I just removed the md5 check. The new version will be included in FAI 4.4.
I added the md5 check not because of security but more because of
detecting bad file tranfers. But http/tcp should do this for us.
--
regards Thomas
