[yocto] General policies for CVE fixes
akuster808
akuster808 at gmail.com
Mon Oct 17 15:41:04 PDT 2016
On 10/17/2016 02:34 PM, Paul Eggleton wrote:
> On Mon, 17 Oct 2016 15:23:55 Bruce Ashfield wrote:
>> On 2016-10-17 03:11 PM, Sona Sarmadi wrote:
>>> From https://wiki.yoctoproject.org/wiki/Stable_branch_maintenance:
>>>
>>> /General policies: /
>>>
>>> * /Fixes must go into master first unless they are applicable only to
>>> the stable branch; if back-porting to an older stable branch, the
>>> fix should first be applied to the newer stable branches before
>>> being back-ported to the older branch/
>>>
>>> Does anyone know the reason for the policy above i.e. why fixes have to
>>> go to master first?
>> The kernel has the same policy for -stable kernels. Speaking at a very
>> high level, it simply ensures that the development of maintenance/stable
>> branches does not move ahead of master in terms of fixes.
>>
>> That keeps development focused on the tip, where it belongs (versus
>> companies/people working in silos for an extended period of time), since
>> once in master many branches can benefit from it.
> Another way to think about this is what would happen if we didn't fix it in
> master first, then forgot to go back and do that? master (and the stable
> release that eventually follows from it) would potentially be left without the
> fix, so when you upgraded the vulnerability would come back.
That applies to any fix, security or not.
-armin
>
> Cheers,
> Paul
>