On Wednesday, 30 August 2017 13:51:47 PDT Mats Wichmann wrote:
> iotivity no longer "ships" mbedtls, leaving it to the developer to pull
> it from the upstream git themselves. however, once they do, we will end
> up doing:
>
> git checkout -f development && git reset --hard mbedtls-2.4.2
>
> before applying the iotivity patch and proceeding.
>
> The note below says we should upgrade to 2.6.0 to address the CVE.
>
> How should we react to this?

We should stop telling people to reset to 2.4.2. And we need to update the
patch we ask people to apply for every one of our releases. It should be done
on top of the latest stable.

--
Thiago Macieira - thiago.macieira (AT) intel.com
Software Architect - Intel Open Source Technology Center

_______________________________________________
iotivity-dev mailing list
[email protected]
https://lists.iotivity.org/mailman/listinfo/iotivity-dev
