On Wed, Apr 21, 2021 at 2:22 AM Shachar Menashe <shac...@vdoo.com> wrote: > On Tue, Apr 20, 2021 at 1:46 PM Shachar Menashe <shac...@vdoo.com> wrote: > > Last time we talked about this I thought we would need to change something in > openssl build settings to make the openssl binary get built just for this > solution, and that was what got rejected. > But actually now I see (or perhaps it got changed) that the openssl binary is > built anyways, in any build that already relies on openssl. > So my suggestion is to enable this feature. Like I said in builds with > openssl it will make everything more secure in a transparent manner, and in > builds without openssl it will display a warning just like today. > I wouldn't consider it a hacky solution since this is the official solution > for this issue. > > It's very clearly a hack. Maybe it's the "official solution" for > supporting https with busybox wget, but OE has a wider scope - we're > not limited to busybox wget if a better overall solution is available. > > This is also exacerbated due to the fact that there are no other alternatives > for secure download from CLI (ex. the sato build doesn't contain the "curl" > standalone binary) > > I don't see an issue with adding curl to any OE reference image which > needs an https client. > > OK, so do you suggest adding curl and removing wget? (that would be a patch > with a configuration change to busybox)
Yes, sounds good to me.
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#150751): https://lists.openembedded.org/g/openembedded-core/message/150751 Mute This Topic: https://lists.openembedded.org/mt/82240467/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
