On Mon, Mar 18, 2019 at 1:03 PM akuster808 <[email protected]> wrote: > On 3/18/19 8:49 AM, Alexander Kanavin wrote: > > If you do package version upgrades regularly in master, I’d say that you > > eventually learn about whether stable releases can be trusted. I wouldn’t > > need to do any research to say that boost shouldn’t be touched but OpenSSL > > is fine, and can similarly split the rest of what I maintain. > > well openssl broke core and several other layers a few year back and > there was an API change do to security issues and it was done in the > minor dot release. So even that is not guaranteed never to happen again.
Sure; every change comes with a risk however if someone does not want any change they can lock their layer hashes. However, doing manual patches also comes with they own set of risk and limits. I think it should be done per recipe, and as Alexander said, maintainers usually on a good position to know about the upstream history. That does not guarantee breakages won't happen and CI is there to support us. -- Otavio Salvador O.S. Systems http://www.ossystems.com.br http://code.ossystems.com.br Mobile: +55 (53) 9 9981-7854 Mobile: +1 (347) 903-9750 _______________________________________________ Openembedded-architecture mailing list [email protected] http://lists.openembedded.org/mailman/listinfo/openembedded-architecture
