On Thu, 27 Feb 2020 at 14:28, Adrian Bunk <[email protected]> wrote: > >... > > It is a crypto library with a history of unfixed CVEs in supported > stable Yocto releases. >
If the issue is unfixed CVEs, then I do not think it's particularly relevant which layer the recipe is in. Stable release maintainers are not expected to 'track and fix CVEs', that one is on users. Alex
-- _______________________________________________ Openembedded-core mailing list [email protected] http://lists.openembedded.org/mailman/listinfo/openembedded-core
