[oe] Encouraging distros to use newer recipe versions?
Richard Purdie
rpurdie at rpsys.net
Sat Mar 6 15:10:40 UTC 2010
On Sat, 2010-03-06 at 09:00 -0600, Mike Westerhof wrote:
> Does it make any sense to create a class (or extend the sanity or
> testlab classes) so that OE can inform someone when a given build is
> using a recipe that can be considered obsolete? Perhaps we might also
> add a bit more encouragement if it were possible to have that same
> class call out builds that have selected versions with known security
> vulnerabilities.
>
> This would certainly help me with the distro I maintain -- one of the
> questions I cannot easily answer, and therefore tend to ignore, is
> "exactly how out-of-date has my distro become?".
>
> I have no patches to do such a thing, and neither do I have time to
> create such a thing at this point in time, but perhaps if someone
> thinks this is worthwhile time can be made for it...
I've been keeping half an eye on what Holger has been doing and yes, I
think this could be desirable. Its also rather straightforward to do.
Simply create a new variable
SECURITY_ISSUES_PRESENT = "This package has know security issues of: X,
Y, Z"
and then have insane.bbclass choke on this printing the messages unless
you set a variable ILOVESECURITYHOLES = "1"
:)
Cheers,
Richard
More information about the Openembedded-devel
mailing list