Hello, most up-to-date Linux distributions have switched to package signing.
This way it is no problem if someone abuses security holes on package mirrors to place manipulated packages. It also helps to prevent "man in the middle attacks" where someone in the same network overrides the original server to inject bad packages.
The package manager, used by OpenWRT, has the ability to sign packages. For some unknown reason this is not used by OpenWRT.
Is there any plan to sign your packages? When do you plan to do so? Thank you very much in advance. Greetings, Manuel _______________________________________________ openwrt-users mailing list [email protected] https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-users
