SECURITY ALERT !

Fine that you folks now finally dropped the ugly installer, but you just opened yet another major security risk:

 

You explicitly disabled package signing *AND* also using unencrypted HTTP transport.

That way, it's pretty trivial to completely take over you user's systems, by injecting malicious packages.

 

 

Linux Embedded / Kernel Hacker / BSP / Driver development / Systems engineering
0 Kudos
(659 Views)