On Sun, Feb 23, 2020 at 04:25:18PM -0800, Khem Raj wrote: > On Sun, Feb 23, 2020 at 11:34 AM Adrian Bunk <b...@stusta.de> wrote: > > > > rpm was the last user in OE-core. > > we should also assess external dependencies especially on libraries, > there might be layers which do not depend on meta-oe but use nss > or enable nss packageconfigs in core components like curl. >...
Is providing a crypto library in OE-core without providing security support better than not shipping it? nss in warrior seems to lack fixes for at least 5 CVEs. cu Adrian -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
