Hi Richard, thanks for the reply. This is quite unusual but the demands on our time are growing and it'd help me immensely if you could aim me towards the methods that:
- verifies the firmware.xml.gz file - verifies the contents of firmware.inf and firmware.metainfo.xml files within the cab files Please do also switch to SHA-256 or SHA-512, both in whatever explicit checks you're using and in the GnuPG signatures. (gpg --list-packets < foo.gpg.asc | grep digest -- 2 is SHA-1, 8 is SHA-256, 10 is SHA-512) We recently switched APT to requiring SHA-512 signatures and I think firmware updates deserve parity with software updates. Thanks -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1536871 Title: [MIR] fwupd To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/fwupd/+bug/1536871/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
