[yocto] General policies for CVE fixes
akuster
akuster at mvista.com
Mon Oct 17 12:28:48 PDT 2016
On 10/17/2016 12:11 PM, Sona Sarmadi wrote:
>
> Hi all,
>
> From https://wiki.yoctoproject.org/wiki/Stable_branch_maintenance:
>
> /General policies: /
>
> * /Fixes must go into master first unless they are applicable only
> to the stable branch; if back-porting to an older stable branch,
> the fix should first be applied to the newer stable branches
> before being back-ported to the older branch/
>
> Does anyone know the reason for the policy above i.e. why fixes have
> to go to master first?
>
/
This is standard open source policy. The latest version of something
gets the fix first (if applicable) than is propagated to older versions.
/
>
> 1)It makes more sense at least for users to get CVE fixes as soon as
> possible in the maintenance branches.
>
This leads to Master or other newer branches not being fixed.
> 2)Normally the versions are different in master and maintenance
> branches so different patches are required.
>
Correct.
- Armin
>
> Thanks
>
> //Sona
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.yoctoproject.org/pipermail/yocto/attachments/20161017/3f51a5e2/attachment.html>
More information about the yocto
mailing list