New added CHROMEOS_RELEASE_BUILDER_PATH in lsb-release cannot stay in signed image |
||
Issue descriptionRegarding on crbug.com/634642 and crbug.com/471906 , a new CHROMEOS_RELEASE_BUILDER_PATH is added in lsb-release, whose format is like: peppy-release/R42-6802.0.0. Don suggests this line cannot be signed and shipped out.
,
Oct 28 2016
regardless of the content, i don't see a problem here ? these are sekrit URIs where the world will burn if they see them ... and we already have publicly mentioned/logged those in many places.
,
Oct 28 2016
It just seemed dirty to be embedding transient URLs into the release version file.
,
Oct 28 2016
while i tend to agree with the sentiment, i vaguely recall that we've had requests like this in the past ? people want an easy way to track back images to builds. i'm not suggesting we make this an ABI they can rely on, but for devs, it's a nice hand i think. we can update the signer to strip out keys from lsb-release easily. but i think having a few extra build related ones like this isn't necessarily a bad thing, and the overhead of a few bytes in this text file that is always changed anyways when a new build happens (since version #'s change) isn't a big deal.
,
Oct 28 2016
Okay. I do want to point out to Zixuan, only use that string to find a directory in chromeos-image-archive. You can't reliably extract the board name or software version from it, since there are special cases that can lead to very different formats. It is totally legit to get a string of the format: foobar/1234 For a release build of peppy at version R42-6802.0.0.
,
Oct 28 2016
|
||
►
Sign in to add a comment |
||
Comment 1 by dgarr...@chromium.org
, Oct 28 2016