Tiemo, Thanks for noting this and contacting me. I am reposting to the yocto@yoctoproject.org group for additional input. I will get modifications into the manual.
Best, Scott >-----Original Message----- >From: Tiemo Krüger [mailto:t...@mycable.de] >Sent: Tuesday, July 29, 2014 2:50 AM >To: Rifenbark, Scott M >Subject: Yocto Project Manual > >Hello Scott, > >I just read a little bit in this doc: > >http://www.yoctoproject.org/docs/1.6/dev-manual/dev-manual.html#new- >recipe-writing-a-new-recipe > >and since your eMail is mentioned on top I contact you regarding the below >paragraph in chapter 5.3.5 > >"To find these checksums, you can comment the statements out and then >attempt to build the software. The build will produce an error for each missing >checksum and as part of the error message provide the correct checksum string. >Once you have the correct checksums, simply copy them into your recipe for a >subsequent build." > >We here really think this is the wrong way to create the checksums for a recipe >since downloading them and then creating the checksum doesn't protect you >against man in the middle attacks. The text should be modified that the >checksums must at least be checked against the checksums provided by the >original website even if this is still not completely safe. And simple command >line tools like md5sum and sha256sum shall be mentioned. > >Would be great if you could take care of this for the next release of the doc. > >best regards, > >Tiemo -- _______________________________________________ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto