Hi, On Thu, Nov 07, 2019 at 01:13:32PM +0200, Adrian Bunk wrote: > On Wed, Nov 06, 2019 at 05:37:15PM +0200, Mikko Rapeli wrote: > > Hi, > > Hi Mikko, > > >... > > I use sumo and due to various reasons like BSP layers, binary > > compatibility, contracts etc can't update to newer release > > or to master branch. I suspect I'm not alone. > > I might end up with similar reasons, but for warrior. > And might end up doing similar longer term updates for warrior. > (not yet 100% certain)
I'm skipping warrior but going to zeus in addition to sumo. After insipiration from Yocto Project Summit I hope to run master branch in some projects with regular updates, and eventually aligning to some stable release again. Hopefully an LTS one :) > >... > > The tooling will expose that sumo is severely lacking in security > > patches, but the tooling is a start for anyone interested, like me, > > to fill the gaps and publish patches for bitbake recipes we care > > about. > >... > > Thud is officially still community maintained, as long as this is true > the point could be made that everything that gets fixed in sumo should > also get fixed in thud. So to keep sumo alive, we should the also keep zeus, warrior and thud, and of course master branch first. For some issues this actually works when the exact same CVE patch applies, but the open question then is testing. How should a developer test a patch before submitting it, or multiple versions of it? I'm testing in project tree with CI and target tests, then compile testing on master. qemu ptest runs would be nice but not sure how to get a stable or useful test set for various branches. To make things more complicated, the project trees sadly contain more backports, fixes and workarounds which are not suitable for upstreaming into stable or even master branches. -Mikko -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
