The winner was selected live on the #yocto irc channel this morning: (07:10:59 AM) sakoman: **** Time to select the CVE raffle winner **** (07:11:38 AM) sakoman: Looks like there are 50 entries: (07:11:42 AM) sakoman: steve@octo:~/Desktop$ wc -l cve-raffle-sorted-nodups (07:11:42 AM) sakoman: 50 cve-raffle-sorted-nodups (07:12:04 AM) sakoman: And the winner by random selection is: (07:12:21 AM) sakoman: steve@octo:~/Desktop$ shuf -n 1 cve-raffle-sorted-nodups (07:12:21 AM) sakoman: CVE-2020-1971: Robert Joslyn <[email protected]>
Congrats Robert! And thanks for helping reduce the number of CVEs. Please contact me off list with your shipping address and choice of coffee or tea. Thanks to all who participated, I really appreciate the help! Steve On Mon, Nov 30, 2020 at 7:12 AM Steve Sakoman <[email protected]> wrote: > > We've been making good progress on reducing the number of issues > reported by the CVE checker. We went from 202 on August 16 to 59 on > November 29. > > Some of these reductions have come from sending in corrections to the > CVE database where there were errors in version matching, and others > have come from backported fixes or whitelisting.. Many thanks to all > who have helped! > > To encourage more folks to contribute to this effort I'm going to be > holding a raffle during the month of December. You'll get one entry > for each CVE fix patch that I merge into dunfell. And a database > update that results in a reduction in dunell reported issues will also > get you an entry. > > The prize? A bag of fresh roasted whole bean coffee from my small > coffee orchard here on the Big Island of Hawaii. If the winner isn't > a coffee drinker I'll try to get some locally grown tea as a > substitute prize. > > The fine print: > > 1. Patches and database update requests must be submitted during the > month of December to receive a raffle entry. > > 2. CVE patch submissions should follow the guidelines in the "Patch > name convention and commit message" section of > https://wiki.yoctoproject.org/wiki/Security > > 3. If the patch also applies to master please send the patch for > master and note that it should be backported to dunfell/gatesgarth as > appropriate. I'll pull this type of patch into dunfell only after it > hits master. > > 4. CVE database update requests should be sent to: > [email protected] You should note the CVE number and provide > supporting links for why you think an update is appropriate. When you > receive a "Thank you for bringing this to our attention. We appreciate > community input" response please forward a copy to me. I'll add your > raffle entry to the pool when the database is updated and the dunfell > cve count reduced. > > 5. To help avoid people working on the same CVE's I'll start a "CVE > raffle: collision avoidance" thread on this list. Just do a quick > reply noting which CVE you plan to work on. Please don't claim one > unless you really intend to follow through! > > Steve
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#146441): https://lists.openembedded.org/g/openembedded-core/message/146441 Mute This Topic: https://lists.openembedded.org/mt/79479760/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
