Opened 6 years ago

Closed 5 years ago

Last modified 4 years ago

#10056 closed defect (wontfix)

OpenWrt image downloads insecure

Reported by: mosam
Owned by: developers
Priority: high
Milestone: Barrier Breaker 14.07
Component: base system
Version: Trunk
Keywords:
Cc:

Description

As far as I can tell, the OpenWrt image can only be downloaded via plain HTTP, with the option to verify the download with the provided md5sum. However, MD5 has been considered broken for a while now (https://secure.wikimedia.org/wikipedia/en/wiki/MD5#Security).
Ubuntu and other distributions use SHA-256 hashes and GPG signatures for verification of downloads, which is way more secure.

Is it possible to also get the SHA-256 hash and GPG signatures for OpenWrt downloads?

Change History (2)

comment:1 Changed 5 years ago by florian

  • Resolution set to wontfix
  • Status changed from new to closed

md5 is sufficiently safe for us, while gpg requires a lot of tools for verifying the signature.

comment:2 Changed 4 years ago by jow

  • Milestone changed from Attitude Adjustment 12.09 to Barrier Breaker 14.07

Milestone Attitude Adjustment 12.09 deleted
