Hi Christoph, > > STRONGSWAN_URL := > > http://download.strongswan.org/$(STRONGSWAN).$(STRONGSWAN_SUFFIX) > > Changing here to https to get this security related package would be nice.
Yes, I just tested https and it works flawlessly. I will send it as a new patch so it's highlighted in ptxdist short log, that packages should preferably be downloaded from https/ftps urls. > By the way, is there any work in the pipe to get PGP-Signature verification > into ptxdist instead of "md5summing"? Yes, PGP-signature verification could be nice. Would you bundle all public keys in ptxdist git repo? An easy step stone could be to add SHA256 hash support in ptxdist. Pseudo code: if STRONGSWAN_SHA256 exist: hash = sha256sum STRONGSWAN_SOURCE return (hash == STRONGSWAN_SHA256) else hash = md5sum STRONGSWAN_SOURCE return (hash == STRONGSWAN_MD5) After looking at how the md5 hash check is performed, I think it's easier to add sha256 hashes to all rules and then change hash function. /Bruno -- ptxdist mailing list ptxdist@pengutronix.de