Hi, At the moment we don't really have a policy for oe-core bugs in bugzilla.yoctoproject.org that apply to multiple releases, for example https://bugzilla.yoctoproject.org/show_bug.cgi?id=9400. This is a CVE bug that should be fixed in all supported branches, and indeed Sona has sent patches for Fido/Dizzy/Jethro/master. Of course now we've got to track where these patches are in the submission process and ensure that we don't drop any of these, but bugzilla only has a single target milestone for each bug.
I propose that for bugs such as this we file a bug report for master and then clone it (there's a Clone This Bug button at the bottom) for each stable release that is affected. Then each bug can have it's own target milestone set and we can be sure that the patches don't get left out of being merged and that QA can effectively verify each branch. Any objection or feedback? (the first person to suggest moving to Jira gets to manually review all CVEs from CVE-1999-0001 onwards are fixed in krogoth). Ross
-- _______________________________________________ Openembedded-core mailing list [email protected] http://lists.openembedded.org/mailman/listinfo/openembedded-core
