On 01/01/14 23:11, Weedy wrote: > If this really bothers you, you build from source. And vet the source code > before building images. > > This is what I do for my clients.
Someone also mentioned this approach on the trac issue[0], so I'll use same comments here as well. No offence meant by not personalising it :) --- Someone asked me earlier today about how a 'self built' approach alleviates the chicken and egg problem of the compiler[1] At minimum, I'd suggest maybe it'd be a better usage of infrastructure/development time for OpenWRT to consider reproducible/deterministic binaries[2][3] or am I showing my ignorance of current practice of OpenWRT? Cheers, Pete. [0] https://dev.openwrt.org/ticket/13346#comment:6 [1] http://cm.bell-labs.com/who/ken/trust.html [2] https://wiki.debian.org/ReproducibleBuilds [3] https://blog.torproject.org/blog/deterministic-builds-part-one-cyberwar-and-global-compromise _______________________________________________ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
