Hello

On 5/11/26 12:42, Paul Barker wrote:
(...)
I don't think separating out vim-xxd while keeping vim in OE-core is a significant improvement. There's also the potential to miss CVEs unless we set CVE_PRODUCT to "vim" in vim-xxd, and that will just result in duplication of reports. This also doesn't reduce the amount of time people will spend backporting CVE patches to the LTS branch, and time our LTS maintainer will need to spend reviewing them. So I'd still rather eject vim from OE-core if we can.

Best regards,
I don't know how feasible it is to have xxd's source code (i.e. src/xxd/Makefile and src/xxd/xxd.c) in a separate repository, but a brutal/dirty workaround would be keeping this couple of files in do_unpack and discarding the rest of Vim's sources.
However, this would be somewhat a fork of xxd, so Vim CVEs would still need to be reviewed manually to determine whether they affect xxd.
In any case, having a separate recipe for xxd can make this whole thing easier, regardless of whether we keep vim in oe-core or not.
--
Best regards,
João Marcos Costa
