Mario, this review is in progress. One point that worries me greatly is that fwupd appears to allow any hash to authenticate firmware files that are served over appstream and our appstream package appears to allow MD5 and SHA-1, neither of which are acceptable to authenticate firmware updates.
If I can't find any code that enforces a sha256 or better hashing algorithm to authenticate firmware downloads I'm going to have to NAK this package regardless of its other merits. Thanks -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1536871 Title: [MIR] fwupd To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/fwupd/+bug/1536871/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
