[OE-core] [RFC][PATCH 1/2] nss: Move to meta-oe
Alexander Kanavin
alex.kanavin at gmail.com
Wed Mar 4 12:13:19 UTC 2020
On Wed, 4 Mar 2020 at 12:32, Adrian Bunk <bunk at stusta.de> wrote:
> I am sure there will be an update to the announcement if this doesn't
> reflect current reality.
>
Who is expected to do the actual work of tracking CVEs, making action
points and performing the actions? The current reality is this: the
security update work is done ad hoc by community, even for stable branches.
There is no rigorous security process like in Debian, and no roles to
follow in that process. This means that if no one bothers to make a patch,
the security issue will remain unfixed, and this does happen often. If you
are expecting anything else (e.g. that listed recipe maintainers should do
something), you're setting yourself up to be disappointed.
Alex
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openembedded.org/pipermail/openembedded-core/attachments/20200304/cf4b138e/attachment.html>
More information about the Openembedded-core
mailing list