On Tue, Apr 20, 2021 at 1:46 PM Shachar Menashe <shac...@vdoo.com> wrote:
> Last time we talked about this I thought we would need to change something
> in openssl build settings to make the openssl binary get built just for
> this solution, and that was what got rejected.
> But actually now I see (or perhaps it got changed) that the openssl binary
> is built anyways, in any build that already relies on openssl.
> So my suggestion is to enable this feature. Like I said in builds with
> openssl it will make everything more secure in a transparent manner, and
> in builds without openssl it will display a warning just like today.
> I wouldn't consider it a hacky solution since this is the official
> solution for this issue.

It's very clearly a hack. Maybe it's the "official solution" for supporting https with busybox wget, but OE has a wider scope - we're not limited to busybox wget if a better overall solution is available.

> This is also exacerbated due to the fact that there are no other
> alternatives for secure download from CLI (ex. the sato build doesn't
> contain the "curl" standalone binary)

I don't see an issue with adding curl to any OE reference image which needs an https client.

> OK, so do you suggest adding curl and removing wget? (that would be a
> patch with a configuration change to busybox)