The entire openwrt thread is at:
continuing at:

Daniel Golle <> wrote:
    > However, after reading up about the details of this backdoored release
    > tarball, I believe that the current tendency to use tarballs rather
    > than (reproducible!) git checkouts is also problematic to begin with.

    > Stuff like 'make dist' seems like a weird relic nowadays, creates more
    > problems than it could potentially solve, bandwidth is ubiquitous, and
    > we already got our own tarball mirror of git checkouts done by the
    > buildbots (see PKG_MIRROR_HASH). So why not **always** use that
    > instead of potentially shady and hard to verify tarballs?

I wonder if we should nuke our own make tarball system.

]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
]        |   ruby on rails    [

tcpdump-workers mailing list --
To unsubscribe send an email to

Reply via email to