On Sat, 2023-09-30 at 12:33 -0400, Bruce Ashfield wrote:
> On Sat, Sep 30, 2023 at 7:07 AM Richard Purdie
> <richard.pur...@linuxfoundation.org> wrote:
> >
> > I had some difficulties with this series since it doesn't apply
> > against master. The issue was that someone else had updated the
> > kernel CVEs and those changes weren't in your tree (nor was the
> > btrfs upgrade). This meant all the cve inc changes threw errors.
> > We will likely need to assume someone will update the CVE includes
> > semi regularly just so we can keep the noise on the CVE reports
> > down.
> >
>
> That's odd. I always do a pull --rebase before sending my changes,
> but yet none of them showed up (on any of my builders, so I had 3x
> machines running that queue of patches and none of them had the
> changes from master).

I don't know what happened but you were definitely not on a recent
master branch as the changes did not apply.

> For the kernel CVEs. They either need to be part of my kernel
> releases or not. I've updated my scripts, and they'll always be
> updated as part of the process. Having something / someone else
> update that file is just a huge pain, and we shouldn't do that.

The question is whether you're able to just update the CVE revisions
out of cycle with the kernel point release bumps? With the number of
CVEs coming through, the files may need updating a little more
frequently than we add new kernel point releases.

I know the plan is this "goes away" when the kernel cves repo is worked
into the cve check workflow so hopefully we don't have this for too
long.

Cheers,

Richard