[OE-core] [PATCH 1/2] security_flags: turn potential string format security issues into an error
Richard Purdie
richard.purdie at linuxfoundation.org
Thu Apr 28 16:39:43 UTC 2016
On Thu, 2016-04-28 at 09:35 -0700, Khem Raj wrote:
> > On Apr 28, 2016, at 9:22 AM, Richard Purdie <
> > richard.purdie at linuxfoundation.org> wrote:
> >
> > On Thu, 2016-04-28 at 08:58 -0700, Khem Raj wrote:
> > > Can we use _remove operation instead of introducing a new
> > > variable
> > > and emptying it out here.
> >
> > I actually suggested we do the above. The reason is that this way,
> > the
> > user can configure which flags they actually want to use. "remove"
> > also
> > has the problem that its near impossible for the user to override
> > further.
> >
>
> Thats right, and I was of the view that security flags should be one
> set
> and not offered at combination of multiple options, we just end up
> increasing
> the test matrix.
OE-Core will continue to test with all of them, I think its better
thantpeople can disable part of this, than have to disable everything
for their layer though?
Cheers,
Richard
More information about the Openembedded-core
mailing list