On 04/06/2011 02:16 PM, Richard Purdie wrote: > On Wed, 2011-04-06 at 10:35 -0700, Tom Rini wrote: >> On 04/06/2011 10:26 AM, Khem Raj wrote: >>> On Wed, Apr 6, 2011 at 10:10 AM, Tom Rini <tom_r...@mentor.com> wrote: >>>> On 04/06/2011 10:05 AM, Khem Raj wrote: >>>>> On Wed, Apr 6, 2011 at 7:30 AM, Tom Rini <tom_r...@mentor.com> wrote: >>>>>> On 04/05/2011 11:18 PM, Khem Raj wrote: >>>>>>> On Tue, Apr 5, 2011 at 5:38 PM, Tom Rini <tom_r...@mentor.com> wrote: >>>>>>>> The previous 5.7 release was relatively close to 5.8 due to it bringing >>>>>>>> in a patch to sync with upstream work-in-progress. We skip over the >>>>>>>> 5.8 release and move to 5.9. >>>>>>> >>>>>>> >>>>>>> there already are patches for 5.9 available too >>>>>>> ftp://invisible-island.net/ncurses/5.9/ncurses-5.9.patch.gz >>>>>> >>>>>> Wrong link? That reverse applies to ncurses 5.9 release. But >>>>>> regardless, is ncurses something we need to be tracking top of tree for? >>>>>> It seems like we needed to for 5.7 since there had been a lot going on >>>>>> without a release but that seems to have changed now. >>>>>> >>>>> >>>>> those patches usually contain critical bug fixes including security >>>>> updates >>>>> so it will be of interest to keep track of it >>>> >>>> Well, it doesn't currently. And while I agree we need to do a good job, >>>> everywhere, of keeping track of security updates, I don't think we >>>> should move back to depending on a site that frequently removes patches. >>>> >>> >>> yes. cache the patches like yocto did for 5.7 recipes >> >> That still leaves the problem of there not being a valid patch there at >> the moment. And I still don't see why ncurses needs to be in the bucket >> of recipes we track the scm for rather than relying on the latest stable >> release. > > It sounds like these patches are more like tracking an SCM rather than a > source of specific security patches or critical updates. > > I think it might be wise to note this location in the recipe as a > comment (can someone please send an updated patch) but I don't think we > should be including these patches by default, particular if upstream are > making regular releases again.
I'll go v2 it -- Tom Rini Mentor Graphics Corporation _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core
