Hello all, During the cve-check work, the cve-extra-exclusion.inc file is causing difficulties. It is a global place for all CVEs, without linking them to the recipe or package affected. When we do not generate the CVE data at build, we have no information which of those ignores apply to each recipe - and we get the whole list for every single package...
What about suggesting everyone to put CVE_STATUS by default in the affected recipe, and not in that file? When we have agreed on the place to put overrides, they need to store which recipe/package the override applies to. And then remove that file if possible. Opinions? Kind regards, Marta
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#200871): https://lists.openembedded.org/g/openembedded-core/message/200871 Mute This Topic: https://lists.openembedded.org/mt/106740990/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
