[OpenWrt-Devel] RFC: check signatures of sysupgrades via ucert
ynezz at true.cz
Fri Apr 26 07:13:48 EDT 2019
Daniel Golle <daniel at makrotopia.org> [2019-04-24 00:33:53]:
> I don't think using UCI for this makes sense,
it makes sense to me, as it allows easier opt-in via custom uci-defaults
script for downstream projects during the transition period.
> because people also use sysupgrade in failsafe mode and then may not be able
> to change UCI options. We already got the '-F' option of sysupgrade, imho
> this is enough to ignore an invalid signature.
This is assuming, that the signature verification is enabled by default which
is not going to happen for some time.
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
More information about the openwrt-devel