* akuster808 <[email protected]> [151212 22:14]: > On 12/07/2015 11:49 PM, Anders Darander wrote: > > Hi,
> > * Armin Kuster <[email protected]> [151208 02:49]: > >> meta/recipes-connectivity/openssl/openssl_1.0.2d.bb | 4 ++++ > >> 1 file changed, 4 insertions(+) > > I'm just a little curious about this serious, and a few others that I've > > seen recently. They all add a number of CVE-patches, with one commit per > > patch, and as the last commit, they all get added to SRC_URI in a single > > patch. > > What's the reason to do it like this? i > Each CVE patch can be leveraged independently so back porting to other > branches is simpler and less work. The recipe file is where merge > conflicts will occur. Not all CVE's are weighted the same so someone who > has a product in the field can easily cherry pick the CVE's they want or > need. This was talked about on IRC a few weeks ago. Well, you have the obviuos risk of backporting a fix, and assuming that it gets applied. The confligt will anyway appear on in the recipe, so there's no real issue. Handling that conflict (which is easy to spot and solve) will also ensure that you're aware of the fact that you have a difference between your local branch and upstream. > > I'd personally prefer to have each CVE-path also add the patch to > > SRC_URI, as that make cherry-picking more straightforward. And it also > > ensures that if we have a need to bisect some issue, that'll work. At > > the same time that will make the meta-data consistent, i.e. no dead > > patches. > > I'd personally even prefer that whole series squashed to one commit, > > compared to this adding a lot of un-applied patches. > That would add more overhead to the work I do internally as I need them > in the format you have seen here. Sure, I don̈́'t want the squashed patch either, but I want commit that introduces a patch to also apply it. > Are this patches not in the preferred method as described on wiki? In my opinion, the patches should be applied by the commit adding them. Otherwise, we've got commits that just adds dead weight to the meta-data. Just as we prefer a commit that removes a patch from SRC_URI to also remove the actual patch itself. Cheers, Anders -- Anders Darander, Senior System Architect ChargeStorm AB / eStorm AB -- _______________________________________________ Openembedded-core mailing list [email protected] http://lists.openembedded.org/mailman/listinfo/openembedded-core
