Hello, Cve-check already has variables disabling the database download. Maybe a rework of the variable set can be an option ti make sure that either both download, or both dont.
It requires a bit of design, however. Kind regards Marta On Mon, 2 Feb 2026, 14:48 vboudevin via lists.openembedded.org, <[email protected]> wrote: > I wanted to indicate that the recipe is not meant to be used with a fixed > commit with a deterministic approach. > > Having ${AUTOREV} by default can lead to many offline issues. > > I guess the correct implementation would be to specify, in the > documentation, the need for "SRCREV:pn-cvelistv5-native = "${AUTOREV}"" to > stay up-to-date with CVE data, and also add this information in a comment > inside the recipe. > > Thank you for your feedback > > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#230371): https://lists.openembedded.org/g/openembedded-core/message/230371 Mute This Topic: https://lists.openembedded.org/mt/117534181/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
