[OE-core] [PATCH 02/33] cdrtools: upgrade to v3.00
Scott Garman
scott.a.garman at intel.com
Fri Apr 22 10:00:38 UTC 2011
On 04/22/2011 12:24 AM, Saul Wold wrote:
> From: Scott Garman<scott.a.garman at intel.com>
>
> * Addresses CVE-2003-0655
> * Fixes [YOCTO #976]
>
> Note that the license has changed to the CDDL for most utilities.
>
> Note the following discussion of distribution issues with mixing GPL
> and CDDL licenses:
>
> http://lwn.net/Articles/195167/
>
> This should not impact us at this is a -native recipe only.
>
> Recipe changes derived from OpenEmbedded.
>
> Signed-off-by: Scott Garman<scott.a.garman at intel.com>
Please skip this patch - the CDDL is a weird license and may pose
problems for us to distribute its sstate-cache.
The problem reported in the CVE is in a particular utility within
cdrtools that we don't need, so I'm going to resolve the security
advisory by not packaging that file, and stick with the GPL version we
were previously using.
Sorry for the confusion.
Scott
--
Scott Garman
Embedded Linux Engineer - Yocto Project
Intel Open Source Technology Center
More information about the Openembedded-core
mailing list