Sadly the CVE count for dunfell has been creeping up over the past few months. Several people regularly contribute CVE patches for dunfell and their efforts are much appreciated. But we need more help!
To encourage more folks to contribute to this effort I'm going to be holding a raffle from now through the end of October. You'll get one entry for each CVE fix patch that I merge into dunfell. And a CVE database update that results in a reduction in dunfell reported issues will also get you an entry. The prize? A bag of fresh roasted whole bean coffee from my small coffee orchard here on the Big Island of Hawaii. This coffee won first prize for the Hamakua District in the 2021 State of Hawaii cupping competition. If the winner isn't a coffee drinker I'll try to get some locally grown tea as a substitute prize. The fine print: 1. Patches and database update requests must be submitted during the period September 12 through October 31, 2022 to receive a raffle entry. 2. CVE patch submissions should follow the guidelines in the "Patch name convention and commit message" section of https://wiki.yoctoproject.org/wiki/Security 3. If the patch also applies to master please send the patch for master and note that it should be backported to dunfell/kirkstone as appropriate. I'll pull this type of patch into dunfell only after it hits master. 4. CVE database update requests should be sent to: [email protected] You should note the CVE number and provide supporting links for why you think an update is appropriate. When you receive a "Thank you for bringing this to our attention. We appreciate community input" response please forward a copy to me. I'll add your raffle entry to the pool when the database is updated and the dunfell cve count reduced. 5. To help avoid people working on the same CVE's I'll start a "CVE raffle: collision avoidance" thread on this list. Just do a quick reply noting which CVE you plan to work on. Please don't claim one unless you really intend to follow through! Steve PS: While CVE patches for master and kirkstone are also much appreciated, this raffle is intended to help reduce the dunfell CVE count. So only CVE fixes/database updates that influence the dunfell CVE count will be entered in the raffle.
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#170538): https://lists.openembedded.org/g/openembedded-core/message/170538 Mute This Topic: https://lists.openembedded.org/mt/93637037/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
