[oe] [RFC] Remove older freetype versions

Frans Meulenbroeks fransmeulenbroeks at gmail.com
Tue Oct 12 20:59:29 UTC 2010


2010/10/12 Tom Rini <tom_rini at mentor.com>:
> Philip Balister wrote:
>>
>> On 10/12/2010 12:41 PM, Koen Kooi wrote:
>>>
>>> On 12-10-10 18:26, Tom Rini wrote:
>>>>
>>>> Hey all,
>>>>
>>>> I'd like to remove all versions of freetype before 2.4.3.  The only dist
>>>> which is pinning freetype currently does so via
>>>> conf/distro/include/preferred-opie-versions.inc and that pins to a
>>>> non-existent version (it's using OPIE_VERSION which seems wrong).  All
>>>> of the previous versions have various security issues, including
>>>> remotely exploitable ones.  Only the very oldest version we have as a
>>>> D_P -1 so everyone was using 2.3.12 and will be going up to 2.4.3
>>>> (libraries are compat).
>>>
>>> Speaking of freetype, the bytecode patent expired, so we can turn that
>>> on and get nicer text :)
>>>
>>> And removing older freetypes is a good idea
>>
>> I'd like to point people at openembedded/removal.txt. This would be a good
>> place to schedule things for deletion. As in I added a new version and made
>> it active, but do not want to delete the older version for a couple of
>> months just in case something crops up. So leave a note in removal.txt to
>> look at removing a recipe on a certain date.
>
> In general, good idea.  But we've been doing things a lot quicker more
> recently.  And I'd like to not wait for a long time for security related
> items.

I agree with Tom on this, especially for security related issues.
I'd say removal.txt is mostly for removal of distros, last versions
of recipes etc.
Removal of older minor versions is imho at the discretion of the
maintainer of a recipe (and if there is none known, I feel it is best
judgement).
For majors some additional care is to be taken, but when it comes to
security related issues, I feel we should give priority to security.
Maybe we should discuss the removal policy at OEDEM.

Meanwhile for this proposal:
Acked-by: Frans Meulenbroeks <fransmeulenbroeks at gmail.com>
