diff options
| author | Francis Rowe <info@gluglug.org.uk> | 2015-04-11 07:01:49 (EDT) |
|---|---|---|
| committer | Francis Rowe <info@gluglug.org.uk> | 2015-04-11 07:01:49 (EDT) |
| commit | 7e14c8e8954b8c1eb1626d87b8f2a37bbd3a64b0 (patch) | |
| tree | 014acdff286dabf1736cc185aacc8bd1ac3aca18 | |
| parent | 2cb111719e0a6f8d8ca31a0ac65571c318be1708 (diff) | |
| download | libreboot-7e14c8e8954b8c1eb1626d87b8f2a37bbd3a64b0.zip libreboot-7e14c8e8954b8c1eb1626d87b8f2a37bbd3a64b0.tar.gz libreboot-7e14c8e8954b8c1eb1626d87b8f2a37bbd3a64b0.tar.bz2 | |
docs/tasks.html: Notes about sha512sum checking on downloads
| -rw-r--r-- | docs/tasks.html | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/docs/tasks.html b/docs/tasks.html index 8b4767e..be915c0 100644 --- a/docs/tasks.html +++ b/docs/tasks.html @@ -286,6 +286,15 @@ (but still include a commented-out link to the gerrit patch that the diff file came from)</i></li> </ul> </li> + <li> + <b><u><i>HIGH PRIORITY!</i></u></b> + When downloading coreboot/grub/memtest/etc using the download scripts, it currently does + not check the integrity of these sources at all. Libreboot releases are signed, but + what can be done to improve it is to check the sha512sums of all files downloaded + by these scripts (which are in the git repository, but not the release archives, + because the release archives already include these sources). Do this for all + non-integrated modules used in libreboot. + </li> <li><b><u><i>HIGH PRIORITY!</i></u></b> <b>Make memtest86+ build using coreboot's own crossgcc toolchain. Currently, memtest86+ doesn't even work at all when cross-compiled using the toolchain in x86-64 trisquel7</b></li> <li> |