The benefit is two-fold: - when EOL point is crossed, and you want to carry on using the branch, there should be an explicit step of saying 'I know it has reached EOL and I'm ok with that, and I will take care of security fixes and ensuring the users of my product aren't exposed to some latest branded vulnerability with a website and a logo'. That step can be adding a local.conf tweak or some such.
- simply increasing awareness of the lifecycles, because not respecting them (out of ignorance, or out of neglect - does not matter) has product security implications for the whole domain. The webpage just isn't doing it. And saying 'everyone should be aware' isn't doing it either. Alex On Tue, 26 Jul 2022 at 00:09, Ruslan Bilovol -X (rbilovol - GLOBALLOGIC INC at Cisco) <[email protected]> wrote: > > I remember that I proposed a similar idea on one > of pre-covid OEDEM meetings during LTS discussions. > > We discussed at least two approaches: date-based > (e.g. after some date bitbake will print the message) > and last-commit based (e.g when maintainer EOLs > the branch his last commit will patch OE so it will > print the message) > > As far as I remember we also discussed disadvantages. > For the date-based approach disadvantage was if someone > forks the branch but in mainline maintainer decided to > extend support, he will patch the EOL date in mainline, > but forked branch won't have it and will post annoying > message during the build. > For the last-commit approach, if someone forks the > branch he will never receive that last commit unless > he merges it, and may think the branch is still maintained > while it isn't. > > Another idea was to do bitbake online check if the release > is still supported (e.g. bitbake reaches some OE/Yocto servers > online) but that may not work for people who don't use > Internet connection for the build (BB_NO_NETWORK option > is enabled) > > There were also some other discussions of that, however > I don't remember any details. > > As a bottom line, we discussed it, but didn't have any action plan > > Thanks, > Ruslan > > ________________________________ > From: [email protected] > <[email protected]> on behalf of Alexander > Kanavin <[email protected]> > Sent: Monday, July 25, 2022 9:13 PM > To: openembedded-architecture > <[email protected]> > Subject: [Openembedded-architecture] should oe-core issue a warning when it > reaches EOL? > > Hello, > > an idea just popped into my head that I don't remember having been discussed: > > Should stable-branch oe-core issue a warning via bitbake when it is > close to EOL and perhaps a stronger warning when it has crossed it? > > I feel that this page: > https://wiki.yoctoproject.org/wiki/Releases > is not enough to ensure the message (of not using EOL yocto) reaches > the users, and we need something better and directly seen by anyone > invoking bitbake. > > Is it a terrible idea? Awesome idea? Ok-ish idea? > > Alex
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#1599): https://lists.openembedded.org/g/openembedded-architecture/message/1599 Mute This Topic: https://lists.openembedded.org/mt/92611044/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-architecture/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
