Don't keep OpenSSL binaries in source control. Do make it easy to build them. #11

New Issue

cory · 2024-02-20T12:36:08-05:00

cory commented

2024-02-20 12:36:08 -05:00

I pretty much just intend to automate what tools/ssl-android and friends do as an optional part of the makefile.

I pretty much just intend to automate what `tools/ssl-android` and friends do as an optional part of the makefile.

tasiaiso commented

2024-02-20 13:41:22 -05:00

Including prebuilt versions of anything (bundled js files included) is a massive security risk (are you sure I'm not introducing malware in #1 by modifying cm6.js ?). It does make building the app a lot easier, but it's not worth it in the long-term.

https://en.wikipedia.org/wiki/Supply_chain_attack

Including prebuilt versions of anything (bundled js files included) is a massive security risk (are you sure I'm not introducing malware in #1 by modifying cm6.js ?). It does make building the app a lot easier, but it's not worth it in the long-term. https://en.wikipedia.org/wiki/Supply_chain_attack

cory commented

2024-02-20 14:23:31 -05:00

Yeah, I haven't been distributing them with the source tarballs for that reason, but now that the full tree is public, things need to be better.

cory referenced this issue from a commit

2024-02-21 12:32:28 -05:00

Remove prebuilt OpenSSL from source control. #11

cory referenced this issue from a commit

2024-02-21 20:23:47 -05:00

Give iOS the same openssl build treatment as android and mingw. #11

cory closed this issue

2024-02-21 20:24:19 -05:00

cory added this to the 0.0.16 milestone 2024-02-21 20:24:58 -05:00