On 09/23/2016 07:25 PM, akuster808 wrote:
No this demonstrates that folks do want to help out. They to the best
they can with their abilities and situation. The community has made a
lot of noise about how important it is to address security issues.
Except a few of us who do send patches, the community as a whole does
not stepped up to the table to help out.
Opensource is not an all or nothing proposition. I for one appreciate
contributions folks make in this area.
If folks want to help out, they'd better spend their time building
automated CI infrastructure that allows us to upgrade openssl to 1.0.2j
in stable releases without the paralyzing fear of breaking things. I
appreciate the intent to help, but I don't see the actual contribution
(of randomly backporting CVEs) as particularly useful in the long run.
Alex
--
_______________________________________________
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
