Hi Yoann, I hope you are doing well. I am currently working for Cisco where our team focuses primarily on:
* CVE fixing for OSS packages * Package upgrades * LTP execution and validation * Package testing As part of our work, we also submit CVE fix patches to the community from time to time whenever new vulnerabilities are reported. I am reaching out to understand more about the list of packages that the OpenEmbedded community prefers to upgrade directly instead of applying manual CVE backport fixes within LTS releases. Having this information would help us align our internal workflows with the community strategy and avoid any duplication of effort. Could you please share the details or point me to the relevant documentation or list that outlines this package-upgrade policy for LTS? Thanks in advance for your support, and please let me know if any additional information is needed from my side. Best regards, Deepak Rathore
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#232932): https://lists.openembedded.org/g/openembedded-core/message/232932 Mute This Topic: https://lists.openembedded.org/mt/118275693/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
