On Wed, 4 Mar 2020 at 12:32, Adrian Bunk wrote:
> I am sure there will be an update to the announcement if this doesn't
> reflect current reality.
>
Who is expected to do the actual work of tracking CVEs, making action
points and performing the actions? The current reality is this: the
security
On Wed, Mar 04, 2020 at 10:36:52AM +0100, Alexander Kanavin wrote:
> You are misinterpreting the announcement. The security updates are provided
> by users as patches to the mailing list, maintainers merely collect and
> integrate them. There is no promise from the project to do anything else,
> an
You are misinterpreting the announcement. The security updates are provided
by users as patches to the mailing list, maintainers merely collect and
integrate them. There is no promise from the project to do anything else,
and LTS doesn’t change that, it only extends the maintainer duty from one
yea
On Thu, Feb 27, 2020 at 03:03:18PM +0100, Alexander Kanavin wrote:
> On Thu, 27 Feb 2020 at 14:28, Adrian Bunk wrote:
>
> > >...
> >
> > It is a crypto library with a history of unfixed CVEs in supported
> > stable Yocto releases.
> >
>
> If the issue is unfixed CVEs, then I do not think it's pa
On Thu, 27 Feb 2020 at 14:28, Adrian Bunk wrote:
> >...
>
> It is a crypto library with a history of unfixed CVEs in supported
> stable Yocto releases.
>
If the issue is unfixed CVEs, then I do not think it's particularly
relevant which layer the recipe is in. Stable release maintainers are not
On Mon, Feb 24, 2020 at 08:32:24AM -0800, akuster808 wrote:
>...
> On 2/23/20 9:17 PM, Adrian Bunk wrote:
> > On Sun, Feb 23, 2020 at 04:25:18PM -0800, Khem Raj wrote:
> >> On Sun, Feb 23, 2020 at 11:34 AM Adrian Bunk wrote:
> >>> rpm was the last user in OE-core.
> >> we should also assess extern
Adrian,
On 2/23/20 9:17 PM, Adrian Bunk wrote:
> On Sun, Feb 23, 2020 at 04:25:18PM -0800, Khem Raj wrote:
>> On Sun, Feb 23, 2020 at 11:34 AM Adrian Bunk wrote:
>>> rpm was the last user in OE-core.
>> we should also assess external dependencies especially on libraries,
>> there might be layers
On Sun, Feb 23, 2020 at 04:25:18PM -0800, Khem Raj wrote:
> On Sun, Feb 23, 2020 at 11:34 AM Adrian Bunk wrote:
> >
> > rpm was the last user in OE-core.
>
> we should also assess external dependencies especially on libraries,
> there might be layers which do not depend on meta-oe but use nss
> o
On Sun, Feb 23, 2020 at 11:34 AM Adrian Bunk wrote:
>
> rpm was the last user in OE-core.
>
we should also assess external dependencies especially on libraries,
there might be layers which do not depend on meta-oe but use nss
or enable nss packageconfigs in core components like curl.
> Signed-of
rpm was the last user in OE-core.
Signed-off-by: Adrian Bunk
---
meta/conf/distro/include/maintainers.inc | 1 -
...figure-option-to-disable-ARM-HW-cryp.patch | 52
...0001-nss-fix-support-cross-compiling.patch | 48 ---
meta/recipes-support/nss/nss/blank-cert9.db | Bin 28672 ->
10 matches
Mail list logo