Hi Richard,
On 3/7/22 12:44, Richard Purdie wrote:
On Mon, 2022-03-07 at 12:26 +0100, Quentin Schulz wrote:
Hi all,
On 3/7/22 12:21, Quentin Schulz wrote:
From: Alexander Kanavin <[email protected]>
Signed-off-by: Alexander Kanavin <[email protected]>
Signed-off-by: Richard Purdie <[email protected]>
(cherry picked from commit 6a3289c4786c4d278e2bf0ec1a5e04363772d8bc)
Signed-off-by: Quentin Schulz <[email protected]>
---
https://urldefense.proofpoint.com/v2/url?u=https-3A__www.spinics.net_lists_util-2Dlinux-2Dng_msg17037.html&d=DwICaQ&c=_sEr5x9kUWhuk4_nFwjJtA&r=LYjLexDn7rXIzVmkNPvw5ymA1XTSqHGq8yBP6m6qZZ4njZguQhZhkI_-172IIy1t&m=U4eCQXCHnTmgAB4bLm1IJBHGUvY0OlzZwRhwZUecFxMBJMnqgAgrTpTz0IrWUJTR&s=Z_Fk9dO_TkdYJYl46pu81nr28SBx_F4uwjA-u2QRndg&e=
2.37.3 fixes two CVEs (not listed on nvdist database for some reason).
https://urldefense.proofpoint.com/v2/url?u=https-3A__www.spinics.net_lists_util-2Dlinux-2Dng_msg17087.html&d=DwICaQ&c=_sEr5x9kUWhuk4_nFwjJtA&r=LYjLexDn7rXIzVmkNPvw5ymA1XTSqHGq8yBP6m6qZZ4njZguQhZhkI_-172IIy1t&m=U4eCQXCHnTmgAB4bLm1IJBHGUvY0OlzZwRhwZUecFxMBJMnqgAgrTpTz0IrWUJTR&s=FoMkkE5_1EdZcBKwKLGT1JehXLRN8KwCdyEAunBBJIw&e=
2.37.4 fixes one CVE (not listed on bvdist for some reason).
I think it might be useful for release maintainer(s) if we mention in
the commit log or commit title if it's a security bump or not when
sending patches for version bumps to master? What do you think? (FYI,
Buildroot seems to do it regularly and it helps me with keeping my
vendor tree somewhat up-to-date security-wise).
I'm happy if people do mention it (I did for expat recently) but I'm not going
to block upgrades on the information being missing (how would I tell?).
We're struggling to get people to submit upgrades so I'm reluctant to make it
harder for them.
Impossible to enforce anyway, as you just mentioned. But making people
aware that it's a nice thing to do should be doable, e.g. adding a few
words in
https://docs.yoctoproject.org/dev-manual/common-tasks.html#submitting-a-change-to-the-yocto-project
and
https://www.openembedded.org/wiki/How_to_submit_a_patch_to_OpenEmbedded ?
It was not my intention to suggest adding additional rules, sorry if it
came across this way.
Cheers,
Quentin
View/Reply Online (#162812):
https://lists.openembedded.org/g/openembedded-core/message/162812