Hi, > Le 14 nov. 2023 à 13:25, Petr Štetiar <yn...@true.cz> a écrit : > > Thibaut <ha...@slashdirt.org> [2023-11-14 10:24:28]: > > Hi, > >> I don’t follow, what do security fixes have to do with snapshot builds? > > OpenWrt builds and deliver package fixes continuosly from the snapshot builds. > >> I don’t expect users (that includes myself) to keep constantly looking at >> the git history to find if/when a CVE has been addressed in the snapshot >> builds. > > You're not expected to do this, we send out security advisories if its > important, where you can usually find recommended mitigations, like for > example: > > https://forum.openwrt.org/c/announcements/14 > https://lists.openwrt.org/pipermail/openwrt-announce/2022-October/000033.html > > most of the fixes can be handled with `opkg update; opkg upgrade`
I’m sorry, I must have missed the part where we advertised that master snapshots are a maintained 'release' suitable for use in a security-conscious context :) Anyway, I have added an additional commit to my PR that removes branch priority: while it won’t solve the intrinsic resource waste that our buildbot system currently is, it should assuage the concerns raised in this thread. Cheers, T _______________________________________________ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
