Hi Heinrich,
On Tue, 26 Oct 2021 at 13:43, Heinrich Schuchardt
wrote:
>
> Downloading binaries and executing without checking the authenticity is
> at least unwise.
>
> When binman downloads GCC it should also download and verify the GPG
> signatures.
>
> Additionally binman could hold a list of
Downloading binaries and executing without checking the authenticity is
at least unwise.
When binman downloads GCC it should also download and verify the GPG
signatures.
Additionally binman could hold a list of the SHA256 hashes of all
binaries in question for a further check.
Best
2 matches
Mail list logo