[Openembedded-architecture] [RFC] Mark of upstream CVE patches
Burton, Ross
ross.burton at intel.com
Tue Dec 15 17:23:01 UTC 2015
On 15 December 2015 at 17:17, Richard Purdie <
richard.purdie at linuxfoundation.org> wrote:
> FWIW I like the proposal as above adding a tag to the patches.
>
My initial thought was "tag in filename" for convenience but the inability
for a single patch to fix multiple CVEs is quite a downside, so agreed.
If nobody objects to that we need to update the patch submission
> guidelines so that everyone is aware of this and then we can ask people
> to follow the guidelines when they don't put the field in, much as we
> do with Upstream-Status already.
>
Whilst we're updating the guidelines can we change Upstream-Status: Denied
to Rejected...
Ross
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openembedded.org/pipermail/openembedded-architecture/attachments/20151215/1383ca57/attachment-0002.html>
More information about the Openembedded-architecture
mailing list