[oe] [OE-core] [RFC] Mark of upstream CVE patches
Otavio Salvador
otavio.salvador at ossystems.com.br
Tue Dec 15 16:26:54 UTC 2015
On Tue, Dec 15, 2015 at 2:03 PM, Mariano Lopez
<mariano.lopez at linux.intel.com> wrote:
> There is an initiative to track vulnerable software being built (see bugs
> 8119 and 7515). The idea is to have a testing tool that would check the
> recipe versions against CVEs. In order to accomplish such a task there is a need
> to reliably mark the patches from upstream that solve CVEs.
I support this initiative and I also second the preference for the tag
in the patch header. It is easy to add, grep for, and simple.
--
Otavio Salvador O.S. Systems
http://www.ossystems.com.br http://code.ossystems.com.br
Mobile: +55 (53) 9981-7854 Mobile: +1 (347) 903-9750