On Thu, 27 Feb 2020 at 14:28, Adrian Bunk <b...@stusta.de> wrote: > >... > > It is a crypto library with a history of unfixed CVEs in supported > stable Yocto releases. >
If the issue is unfixed CVEs, then I do not think it's particularly relevant which layer the recipe is in. Stable release maintainers are not expected to 'track and fix CVEs', that one is on users. Alex
-- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
