[yocto] General policies for CVE fixes
Sona Sarmadi
sona.sarmadi at enea.com
Wed Oct 26 23:23:49 PDT 2016
> > Yes, regressions (forgetting to fix bugs in master) are bad. I believe
> > there are other ways to avoid this, Yocto project has a bug reporting
> > system to keep track of such things, right?
> The issue there is if Jethro gets a fix and Krogoth, morty and master need it
> as well, the bug system implies someone else is going to have to do the
> work.
> That is the problem. Not too many people are stepping up to do the work
> in the other branches.
>
> >
> > Maintenance branches are likely deployed in production systems, I
> > think fixing security problems here should have higher priority.
> You are more than welcome to submit patches for the stable branch you
> are concerned about knowing the patches won't be applied until the
> parent branches are addressed first.
>
> > Don't you agree?
> >
> > Perhaps we should discuss this at next OEDEM :)
> We have and until more people step up to help, this will be a constant
> issue.
>
> -armin
I see your points; they are absolutely valid. Thanks.
//Sona