On Fri, 2023-05-05 at 13:18 +0200, Andrej Valek via lists.openembedded.org wrote: > CVE_CHECK_PATCHED - should contains an additional CVEs which have been > fixed and shouldn't be mark as vulnerable nor ignored. > > Signed-off-by: Andrej Valek <andrej.va...@siemens.com> > --- > meta/classes/cve-check.bbclass | 8 ++++++++ > 1 file changed, 8 insertions(+) > > diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass > index bd9e7e7445c..957ea0130dc 100644 > --- a/meta/classes/cve-check.bbclass > +++ b/meta/classes/cve-check.bbclass > @@ -78,6 +78,11 @@ CVE_CHECK_SKIP_RECIPE ?= "" > # > CVE_CHECK_IGNORE ?= "" > > +# Usually a CVE gets treated as patched when a patch with the name of the CVE > +# gets applied. Basically this variable should not be used. But if there are > +# other reasons to mark a CVE as patched it can be added to this list. > +CVE_CHECK_PATCHED ?= ""
We're not adding variables which are documented as "Basically this variable should not be used.". If you shouldn't need/use it, we don't need it. Can't you just use the ignore variable for the same end result? Cheers, Richard
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#180912): https://lists.openembedded.org/g/openembedded-core/message/180912 Mute This Topic: https://lists.openembedded.org/mt/98703185/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
