On Fri, Jul 26, 2024 at 2:24 PM Ross Burton <[email protected]> wrote:
> On 24 Jul 2024, at 16:25, Marta Rybczynska via lists.openembedded.org > <[email protected]> wrote: > > > > This file contains CVE_STATUS without machine-readable information on > which > > recipe it applies to. All entries should be verified and, if appropriate, > > moved to their corresponding recipes. > > The point of this file was to be an opt-in for more exclusions where we > didn’t feel 100% confident asserting the issues could be ignored. > > How much of a problem is it if this file contains a a limited number of > CVEs? We can review what is in there and move/remove as needed to cut it > down. > With the vex class (and with SPDX too, I think) they end up copied present in every single package of the build. This brings enormous confusion. Impossible to filter them out as there is no information about the affected recipe/package. Kind regards, Marta
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#202535): https://lists.openembedded.org/g/openembedded-core/message/202535 Mute This Topic: https://lists.openembedded.org/mt/107525297/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
