[oe] Recent wordpress attacks and md5sum
zecke at selfish.org
Sun Mar 4 17:54:08 CET 2007
the recent wordpress attacks illustrates the danger of changed
sourcecode. Luckily we do not package wordpress but our packages
would have contained this backdoor! Now to use the buzz words
terrorism, danger, security and you all should be scared.
Luckily we do not need a homeland security act to avoid this situation:
Please add md5sum to your SRC_URI on http/ftp/sctp.
Secretary and Chief Donk of Free Software Security
PS: I wonder if bitbake should refuse to fetch code without md5sum/
PPS: Yeah md5 is cracked, so is the sha family, any other options?
More information about the Openembedded-devel