Thanks for confirming. I wouldn't expect OE to be able to have any knowledge
of "sneaky" downloads of additional packages.
I have an idea to enhance create-spdx.bbclass so sneaky recipes can fess-up and
tell create-spdx about any additional packages they downloaded. If you could
implement
-lock.json
Package-lock docs:
https://docs.npmjs.com/cli/v9/configuring-npm/package-lock-json
I want my SBOM to include the webui-vue application together with each
of the NPM packages it uses.
How can I do that?
Sincerely,
Joseph Reynolds
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all
Thank you!
Forwarded Message
Subject: Re: [yocto-security] Unicode Bidi CVE-2021-42574 - tool to
list source files?
Date: Wed, 02 Feb 2022 09:39:06 +
From: Richard Purdie
To: Joseph Reynolds , Mark Hatle
, yocto-secur...@lists.yoctoproject.org,
Armin Kuster
On Tue, 2022-0
What are the next steps for this?
https://github.com/openembedded/openembedded-core/pull/63
>This enhances extrausers with a new passwd-expire command that causes
a local user's password to be expired as if the |passwd --expire|
command was run, so the password needs to be changed on initial
Dear openembedded-core members,
How can I avoid bringing Python into my image via libpwquality? I need
to keep my image size small. My bbappend uses EXTRA_OECONF +=
"--enable-python-bindings=no" to take advantage of the source project's
configuration option [1], but because
FYA, the dropbear SSH server "expired password dialog" patch is ready
for review. With this patch, if you ssh into the dropbear server
(configured to use Linux PAM) and your password is expired, the SSH
server lets you change your password while logging in. (Before this
patch, dropbear would
, 16 Nov 2019 at 23:14, Joseph Reynolds <mailto:j...@linux.ibm.com>> wrote:
Is there a best practice for folks who want to put the build date
into
their generated os-release file? I've seen this question come up at
least 3 times in my brief involvement with OE. I coul
On 11/17/19 3:19 PM, openembedded-core-requ...@lists.openembedded.org wrote:
>Message: 4 >Date: Sun, 17 Nov 2019 22:19:32 +0100 >From: Alexander
Kanavin >To: Joseph Reynolds
>Cc: OE-core
>Subject: Re: [OE-core] How
to add build date? (was: ... basehash value > ch
On 11/18/19 3:53 AM, Ross Burton wrote:
On 16/11/2019 21:56, Joseph Reynolds wrote:
Is there a best practice for folks who want to put the build date
into their generated os-release file? I've seen this question come
up at least 3 times in my brief involvement with OE. I could perhaps
add
would like to hear your ideas.
- Joseph
Forwarded Message
Subject: Re: how to solve the error that basehash value changed from
'xxx' to '' ?
Date: Sat, 16 Nov 2019 15:50:38 -0600
From: Joseph Reynolds
To: www , open...@lists.ozlabs.org
Byron,
What
On 7/15/19 3:58 PM, Adrian Bunk wrote:
On Mon, Jul 15, 2019 at 03:38:57PM -0500, Joseph Reynolds wrote:
Enhances dropbear with a new feature "disable-weak-ciphers", on by default.
This feature disables all CBC, SHA1, and diffie-hellman group1 ciphers in
the dropbear ssh server
zation can be done with local_options.h as usual.
Tested: On dropbear_2019.78.
Upstream-Status: Inappropriate [configuration]
Signed-off-by: Joseph Reynolds
Signed-off-by: Richard Purdie
---
meta/recipes-core/dropbear/dropbear.inc| 6 ++-
.../dropbear/dropbear-disable-weak-cip
On 6/30/19 4:58 PM, Richard Purdie wrote:
On Fri, 2019-06-28 at 18:03 -0500, Joseph Reynolds wrote:
From 587a9e5c637ad3e70b8e35a3ca66013693ce7ac7 Mon Sep 17 00:00:00
2001
From: Joseph Reynolds
Date: Wed, 19 Jun 2019 20:16:40 -0500
Subject: [PATCH v2] dropbear: new feature: disable-weak
From 587a9e5c637ad3e70b8e35a3ca66013693ce7ac7 Mon Sep 17 00:00:00 2001
From: Joseph Reynolds
Date: Wed, 19 Jun 2019 20:16:40 -0500
Subject: [PATCH v2] dropbear: new feature: disable-weak-ciphers
Enhances dropbear with a new feature "disable-weak-ciphers", on by default.
This featur
ssh server from older
clients. Additional customization can be done with local_options.h as
usual.
Tested: On dropbear_2019.78.
Upstream-Status: Inappropriate [configuration]
Signed-off-by: Joseph Reynolds
---
meta/recipes-core/dropbear/dropbear.inc| 6 ++--
.../dropbear/dropbe
gt; 96-bit MAC, and triple DES. This is consistent with the default
>> supported OpenSSH ciphers.
>>
>> Upstream-Status: Pending
>>
>> Signed-off-by: Joseph Reynolds
>> ---
>> meta/recipes-core/dropbear/dropbear/localoptions.h | 8
>> 1
This changes the Dropbear SSH server configuration so it will not
accept medium-strength encryption ciphers including: CBC mode, MD5,
96-bit MAC, and triple DES. This is consistent with the default
supported OpenSSH ciphers.
Upstream-Status: Pending
Signed-off-by: Joseph Reynolds
---
meta
patch could be applied to the
Dropbear project itself.
>Ross
>
>On 7 September 2018 at 20:16, wrote:
> This changes the Dropbear SSH server configuration so it will not
> accept medium-strength encryption ciphers including: CBC mode, MD5,
> 96-bit MAC, and triple DES.
&
This changes the Dropbear SSH server configuration so it will not
accept medium-strength encryption ciphers including: CBC mode, MD5,
96-bit MAC, and triple DES.
Upstream-Status: Pending
Signed-off-by: Joseph Reynolds
---
meta/recipes-core/dropbear/dropbear/localoptions.h | 8
1 file
19 matches
Mail list logo
