[OE-core] RFC: exposing information about the SRC_URI(s)/branch via buildhistory (or similar mechanism)

chris.laplante at agilent.com chris.laplante at agilent.com
Fri Aug 2 15:14:39 UTC 2019


> > I've patched our tree so that SRC_URI, LICENSE and CVE_PRODUCT are
> > archived in buildhistory. SRC_URI has many uses and changes and
> > patches can be easily identified. Same with LICENSE, any changes
> > trigger a review. CVE_PRODUCT is exported so that we can do QA check
> > to make sure mapping from CVE_PRODUCT for non CLOSED licenses exists
> > to NVD database product names (maintaining a white list of recipes
> > which don't have any CVEs yet).
> 
> I think this supports my point about being more interested in patches
> allowing people to extend/customise buildhistory than just adding X.
> 
> Whilst we want to have good defaults, there are always going to be
> niche cases for people wanting to extend it...


Agreed. Then we can implement our BRANCH scheme without polluting the core code with it. 

Chris


More information about the Openembedded-core mailing list