#21950: the file 'sha256sums' used to verify .bin downloads needs to be
cryptographically signed
------------------------------------+------------------------
Reporter: kgbgvk | Owner: developers
Type: defect | Status: new
Priority: highest | Milestone:
Component: other | Version: Trunk
Keywords: signature verification |
------------------------------------+------------------------
For the security of openwrt users, please crytographically sign the
sha256sums file so users can verify the authenticity of downloaded .bin
files. A corresponding 'sha256sums.sig' file should exist alongside the
'sha256sums' file to allow verification.
The recent Linux Mint attack is real world proof that attacks happen and
openwrt users who are willing to check the authenticity of their downloads
should be able to.
--
Ticket URL: <https://dev.openwrt.org/ticket/21950>
OpenWrt <http://openwrt.org>
Opensource Wireless Router Technology
_______________________________________________
openwrt-tickets mailing list
[email protected]
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-tickets
