[OE-core] [PATCH 1/1] binutils: fix PV to respect upstream tag and also cve database
Burton, Ross
ross.burton at intel.com
Thu Mar 28 13:50:51 UTC 2019
On Thu, 28 Mar 2019 at 13:47, Tom Rini <trini at konsulko.com> wrote:
> > > I just had a look at the code in bitbake and yes, it actually even
> > > tests that 1 < 1.0. I'd say that there's an argument for handling .0
> > > releases specially and considering 2.32 == 2.32.0.
> >
> > Of course that test exists for people using feeds, and at least dpkg
> > thinks 2.32 < 2.32.0, so even if we changed the test the feed would
> > still be broken.
>
> Breaking feeds on purpose is bad, so this is a case to bump PE?

Bumping PE is even worse as a PE never goes away.  I say we leave it
as it is, and ask upstream nicely if they'll match the tag/version in
the future.

The CVE problem can be resolved by setting CVE_VERSION.

Ross