Op 22 apr 2011, om 12:00 heeft Scott Garman het volgende geschreven: > On 04/22/2011 12:24 AM, Saul Wold wrote: >> From: Scott Garman<[email protected]> >> >> * Addresses CVE-2003-0655 >> * Fixes [YOCTO #976] >> >> Note that the license has changed to the CDDL for most utilities. >> >> Note the following discussion of distribution issues with mixing GPL >> and CDDL licenses: >> >> http://lwn.net/Articles/195167/ >> >> This should not impact us at this is a -native recipe only. >> >> Recipe changes derived from OpenEmbedded. >> >> Signed-off-by: Scott Garman<[email protected]> > > Please skip this patch - the CDDL is a weird license and may pose problems > for us to distribute its sstate-cache. > > The problem reported in the CVE is in a particular utility within cdrtools > that we don't need, so I'm going to resolve the security advisory by not > packaging that file, and stick with the GPL version we were previously using.
In OE.dev we switched to cdrkit to get rid of the Schilly factor, maybe oe-core can do something similar. regards, Koen _______________________________________________ Openembedded-core mailing list [email protected] http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core
