On Sat, 12 Dec 2015 13:14:52 akuster808 wrote:
> On 12/07/2015 11:49 PM, Anders Darander wrote:
> > Hi,
> >
> > * Armin Kuster <akuster...@gmail.com> [151208 02:49]:
> >> meta/recipes-connectivity/openssl/openssl_1.0.2d.bb | 4 ++++
> >> 1 file changed, 4 insertions(+)
> >
> > I'm just a little curious about this series, and a few others that I've
> > seen recently. They all add a number of CVE-patches, with one commit per
> > patch, and as the last commit, they all get added to SRC_URI in a single
> > patch.
> >
> > What's the reason to do it like this?
>
> Each CVE patch can be leveraged independently so back porting to other
> branches is simpler and less work. The recipe file is where merge
> conflicts will occur. Not all CVEs are weighted the same so someone who
> has a product in the field can easily cherry pick the CVEs they want or
> need. This was talked about on IRC a few weeks ago.

Well, except they might cherry-pick the fix commit on the assumption that it
fixes the CVE, when unfortunately it doesn't because the included patch isn't
actually applied within the recipe in that commit.

I can see how this makes things slightly easier for backporting, but honestly
I don't like it. I don't believe it matches with our practice up to this point
either.

Cheers,
Paul

--
Paul Eggleton
Intel Open Source Technology Centre
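
The gap discussed in this thread (a cherry-picked commit that ships a CVE patch file the recipe never applies) can be checked mechanically. The following is an added example, not part of the original thread or of OpenEmbedded tooling: it lists patch files present next to a recipe that no SRC_URI assignment references. The recipe text, patch names and function names are constructed for illustration, and the check assumes the caller passes the full recipe text (it does not expand BitBake variables or follow includes).

```python
import re

# Constructed sample: recipe state after cherry-picking only a commit that
# adds a patch file, without the later commit that edits SRC_URI.
RECIPE = '''\
SRC_URI = "http://example.invalid/openssl-${PV}.tar.gz \\
           file://configure-targets.patch \\
           file://CVE-placeholder-A.patch;striplevel=1 \\
          "
SRC_URI_append_class-target = " file://ptest.patch"
'''
# Constructed listing of the recipe's files directory.
FILES_ON_DISK = [
    "configure-targets.patch",
    "CVE-placeholder-A.patch",
    "CVE-placeholder-B.patch",   # added by the cherry-picked commit
    "ptest.patch",
    "run-ptest",
]

# Matches SRC_URI, SRC_URI_append..., SRC_URI:append with =, +=, =+, .=, ?= etc.
_ASSIGN = re.compile(r'^\s*SRC_URI\S*\s*[:+.?]*=[+.]?\s*"([^"]*)"', re.M)


def src_uri_files(recipe_text):
    """Return basenames of every file:// entry in any SRC_URI assignment."""
    folded = re.sub(r"\\\n", " ", recipe_text)  # join backslash continuations
    names = set()
    for match in _ASSIGN.finditer(folded):
        for entry in match.group(1).split():
            if entry.startswith("file://"):
                path = entry[len("file://"):].split(";", 1)[0]  # drop ;options
                names.add(path.rsplit("/", 1)[-1])
    return names


def unapplied_patches(recipe_text, files_on_disk):
    """Patch files that exist on disk but are never applied by the recipe."""
    referenced = src_uri_files(recipe_text)
    return sorted(
        name for name in files_on_disk
        if name.endswith((".patch", ".diff")) and name not in referenced
    )


if __name__ == "__main__":
    for name in unapplied_patches(RECIPE, FILES_ON_DISK):
        print("present but not in SRC_URI:", name)
```

Run against the tree after each cherry-pick, a non-empty result means a fix was carried over as a file only and is not part of the build.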