On 20 Sep 2024, at 09:53, Robert Yang via lists.openembedded.org <liezhi.yang=windriver....@lists.openembedded.org> wrote:
> The VENDOR_REVISION is for cve scanners to know the CVEs have been fixed in a
> lower version, CVE scanners such as Trivy can know the CVEs have been fixed in
> a higher version, but it can't know the CVE is fixed in a lower version without
> a helper, we have the following ways to set the helper:

I understand what you're trying to do here, but the class doesn’t just work on its own out of the box, as there needs to be further configuration and workflow to make it actually useful, and the only users it is useful for are people who are maintaining a binary distribution and have sufficient clout to update the CVE tooling.

I suggest that you keep this class in your Wind River Linux layer.

Cheers,
Ross