[oe] samba-essential upgrade or remove?

Martin Jansa martin.jansa at gmail.com
Mon Mar 15 08:20:39 UTC 2010


On Mon, Mar 15, 2010 at 09:08:24AM +0100, Frans Meulenbroeks wrote:
> > 3.) Remove recipes for vulnerable software when no one is updating them in
> > time... This can be combined with option 2...
> 
> These are good plans, but I'm not sure if you will get volunteers for
> 2 and people will definitely complain if you do 3.

For security issues it would be nice to adopt some form of the Angstrom
blacklist class and put a blacklist entry for all vulnerable recipes in
some security-blacklist.conf included from bitbake.conf.

This way it would be easy to show why the recipe is not available (CVE
noted in message shown by blacklist when some image tries to pull that
recipe).

Also it would allow easy blacklist removal for people who don't care
about security and make it easy to return the recipe if someone cares
and puts in enough time to fix that issue.

But the current code would probably need to be extended to blacklist
based on PN-PV, not only PN (which someone already proposed for
blacklisting old recipes).

Regards,

-- 
uin:136542059                jid:Martin.Jansa at gmail.com
Jansa Martin                 sip:jamasip at voip.wengo.fr 
JaMa                         



