On Mon, Aug 1, 2022 at 11:18 PM Philip Balister <phi...@balister.org> wrote: > > On 8/2/22 01:01, Otavio Salvador wrote: > > > > Em seg., 1 de ago. de 2022 às 19:41, Richard Purdie > > <richard.pur...@linuxfoundation.org > > <mailto:richard.pur...@linuxfoundation.org>> escreveu: > > > > I do feel that whilst well intentioned, there are too many ways it can > > go wrong in ways that will cause bad feelings towards the project. > > > > What about security flaws that aren't fixed and could lead to a > > compromised device and people not knowing they were using an EOL > > release? That will cause bad feelings towards the project as well. > > > > I see a warning isn't perfect but is a better option than users not > > knowing it is EOL. > > We are trying to use technology to solve a social problem. No amount of > tweaking the code will stop people from making poor choices. > > How can we do a better job of communicating bad practices to the user > baser?
Who is the user base you're referring to? The end customer? They don't see build logs or EOL warnings. The OEM creating releases to add new features to the boxes in the field? They would see the EOL warnings, but don't have skills or motivation to update the underlying version of OE provided to them. The SOC supplier? They make quarterly releases but follow the OE version defined by the Reference Design Kit they're using. They would see the EOL warnings but wouldn't be able to do much about them. The developers of the Reference Design Kit? They have a road-map of features to work on and updating OE versions isn't much fun (and they have a point... they are stretched already and their code is so crufty and brittle that updating OE and being forced into a newer version of gcc etc is going to cause latent bugs to manifest themselves, etc. Updating OE and getting the SOC vendors and other 3rd parties all aligned to it IS a big effort). They would see the EOL warnings too, but it's not new information. They do update OE versions every few years (e.g. OE 1.6 -> OE 2.2 -> OE 3.1) but a lot of deployed boxes have to stay on the older release due to Flash / DRAM limitations or because of the exorbitant amount the WiFi vendor is quoting to rebuild and recertify the WiFi driver (ie their headline announcements of OE updates don't tell the full story). In this kind of ecosystem, who exactly would benefit from nagging EOL build warnings? > Do we have a list of products using bad practices? (I realize > this is its own can of worms though) > > Philip > > > > > > -- > > Otavio Salvador O.S. Systems > > http://www.ossystems.com.br <http://www.ossystems.com.br> > > http://code.ossystems.com.br <http://code.ossystems.com.br> > > Mobile: +55 (53) 9 9981-7854 Mobile: +1 (347) 903-9750 > > > > > > > > > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#1614): https://lists.openembedded.org/g/openembedded-architecture/message/1614 Mute This Topic: https://lists.openembedded.org/mt/92611044/21656 Group Owner: openembedded-architecture+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-architecture/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
