On Fri, Oct 25, 2019 at 07:51:27AM -0700, akuster808 wrote:
> On 10/25/19 3:04 AM, Adrian Bunk wrote:
>...
> > Did anyone already bring up the idea of piggy-backing security support
> > from a different distribution?
> Is this just taking patches from Ubuntu and getting them applied to the
> recipes or something else?

Yes, that's what it is.

>...
> > Giving preference to "same version as in Ubuntu" over "latest upstream
> > version" when upgrading packages for Yocto 3.1 would make it easier to
> > take security fixes directly from Ubuntu.
> Why not just use meta-debian? Wouldn't OE/YP just become another Debian
> derivative?

Debian/Ubuntu and Yocto are very different distributions with differing
use cases.

In any case Yocto and Ubuntu are already somehow similar in the software 
they ship since the release dates are always quite nearby.

>...
> > Piggy-backing security support from Ubuntu would require to define right 
> > now a list of recipes that have frequent CVEs, have 5 years support in 
> > Ubuntu, and where Yocto 3.1 should provide the same upstream version as 
> > Ubuntu 20.04.
> Are you suggesting OE/YP to align package versions with ubuntu?

Exactly.

> >  And then run automated checks on that in oe-core master-next,
> > as well as teaching AUH about it.
> Who would do that work?

Who will provide LTS security support for several years?

My suggestion is about doing work now for reducing the maintenance
work later.

> - Armin

cu
Adrian

-- 

       "Is there not promise of rain?" Ling Tan asked suddenly out
        of the darkness. There had been need of rain for many days.
       "Only a promise," Lao Er said.
                                       Pearl S. Buck - Dragon Seed

_______________________________________________
Openembedded-architecture mailing list
[email protected]
http://lists.openembedded.org/mailman/listinfo/openembedded-architecture
