Hello,
seems that opkg let install a local downloaded ipk without checking the signature. Signature check seems provided only when you install/upgrade from remote site. In term of security if i've root access and sftp server running i can install quite everithings. I think that the same situation is for kernel modules.
Is my analisysy correct ? if so how to avoid the security issue ?
Thanks in advance
B/R
Fabio