On Mon, Jun 5, 2023 at 6:48 PM Richard Purdie < [email protected]> wrote:
> On Mon, 2023-06-05 at 16:31 +0000, Ross Burton wrote: > > I did some triage of the CVEs in this list but realised that this > > file is a bad location for them: whilst we don’t expect people to > > switch out most recipes, we do have to expect BSPs to switch the > > kernel, so by accumulating a list of exclusions in this recipe that > > are based on the current version of linux-yocto we may negatively > > impact on people using a BSP which, for example, uses a 5.10 kernel. > > > > Should we move the kernel-specific exclusions, where they’re being > > done because they’re fixed in a release we ship, to the linux-yocto > > recipe? > > A specific include with "6.1" in the name might be a good way to do it > so that others who follow the same stable series updates could reuse > it? > > This is definitely better to have a specific file. However, I know some BSPs that stay at x.0 version of the kernel and if they include such a file, they will have a false sense of security... Kind regards, Marta
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#182411): https://lists.openembedded.org/g/openembedded-core/message/182411 Mute This Topic: https://lists.openembedded.org/mt/99344319/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
