[OE-core] [RFC][PATCH 1/2] nss: Move to meta-oe
Adrian Bunk
bunk at stusta.de
Thu Feb 27 13:27:29 UTC 2020
On Mon, Feb 24, 2020 at 08:32:24AM -0800, akuster808 wrote:
>...
> On 2/23/20 9:17 PM, Adrian Bunk wrote:
> > On Sun, Feb 23, 2020 at 04:25:18PM -0800, Khem Raj wrote:
> >> On Sun, Feb 23, 2020 at 11:34 AM Adrian Bunk <bunk at stusta.de> wrote:
> >>> rpm was the last user in OE-core.
> >> we should also assess external dependencies especially on libraries,
> >> there might be layers which do not depend on meta-oe but use nss
> >> or enable nss packageconfigs in core components like curl.
> >> ...
> > Is providing a crypto library in OE-core without providing security
> > support better than not shipping it?
> >
> > nss in warrior seems to lack fixes for at least 5 CVEs.
>
> I don't see how that is relevant to the RFC?
>...
It is a crypto library with a history of unfixed CVEs in supported
stable Yocto releases.
> - armin
cu
Adrian
More information about the Openembedded-core
mailing list