Re: [yocto-security] [PATCH] busybox: use openssl for TLS connections whenever possible
On Tue, Apr 20, 2021 at 1:46 PM Shachar Menashe <shachar@...> wrote:
It's very clearly a hack. Maybe it's the "official solution" for
supporting https with busybox wget, but OE has a wider scope - we're
not limited to busybox wget if a better overall solution is available.
This is also exacerbated due to the fact that there are no other alternatives for secure download from CLI (ex. the sato build doesn't contain the "curl" standalone binary)I don't see an issue with adding curl to any OE reference image which
needs an https client.
OK, so do you suggest adding curl and removing wget? (that would be a patch with a configuration change to busybox)