On Tue, Dec 15, 2015 at 2:03 PM, Mariano Lopez <mariano.lo...@linux.intel.com> wrote: > There is an initiative to track vulnerable software being built (see bugs > 8119 and 7515). The idea is to have a testing tool that would check the > recipe versions against CVEs. In order to accomplish such task there is need > to reliable mark the patches from upstream that solve CVEs.
I support this initiative and I also second the preference for the tag in the patch header. It is easy to add, grep for, and simple. -- Otavio Salvador O.S. Systems http://www.ossystems.com.br http://code.ossystems.com.br Mobile: +55 (53) 9981-7854 Mobile: +1 (347) 903-9750 -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
