On Mon, Mar 15, 2010 at 09:08:24AM +0100, Frans Meulenbroeks wrote:
> > 3.) Remove recipes for vulnerable software when no one is updating them in
> > time... This can be combined with option 2...
> These are good plans, but I'm not sure if you will get volunteers for
> 2 and people will definitely complain if you do 3.

For security issues it would be nice to adopt some form of the Angstrom
blacklist class and put a blacklist entry for all vulnerable recipes in
some security-blacklist.conf included from bitbake.conf.

This way it would be easy to show why the recipe is not available (CVE
noted in message shown by blacklist when some image tries to pull that

Also it would allow easy blacklist removal for people who don't care
about security, and make it easy to return the recipe if someone cares
and puts in enough time to fix that issue.

But the current code would probably need to be extended to blacklist based
on PN-PV, not only PN (which someone already proposed for blacklisting old
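
The PN-PV versus PN-only matching proposed in this message, as an added example that is not part of the original mail and is not BitBake or Angstrom code. The entry format, the sample file contents, the placeholder CVE labels and the function names are all assumptions made for illustration.

```python
import re

# Constructed sample of what a security-blacklist.conf could hold.
# Hypothetical syntax: KEY = "reason", where KEY is either PN-PV or PN.
SAMPLE_CONF = """\
# one vulnerable version only; newer versions stay buildable
examplelib-1.2.3 = "CVE-XXXX-XXXX (placeholder): fixed in 1.2.4"
# every packaged version is affected
exampled = "CVE-XXXX-XXXX (placeholder): no fixed version packaged"
"""

ENTRY_RE = re.compile(r'^(?P<key>[A-Za-z0-9+._-]+)\s*=\s*"(?P<reason>[^"]*)"\s*$')


def parse_blacklist(text):
    """Return {key: reason}; reject malformed lines instead of skipping them,
    so a typo cannot silently re-enable a vulnerable recipe."""
    entries = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = ENTRY_RE.match(line)
        if m is None:
            raise ValueError(f"line {lineno}: malformed entry: {raw!r}")
        entries[m["key"]] = m["reason"]
    return entries


def blacklist_reason(entries, pn, pv):
    """Return the message to show when an image pulls in pn-pv, or None.

    The PN-PV entry is checked first so a version-specific reason wins over
    a PN-wide one. Keys are compared as whole strings, so a PN that itself
    ends in "-<digits>" needs care when choosing entry names.
    """
    for key in (f"{pn}-{pv}", pn):
        if key in entries:
            return f"{pn}-{pv} is blacklisted ({key}): {entries[key]}"
    return None


if __name__ == "__main__":
    bl = parse_blacklist(SAMPLE_CONF)
    for pn, pv in [("examplelib", "1.2.3"), ("examplelib", "1.2.4"), ("exampled", "0.9")]:
        print(pn, pv, "->", blacklist_reason(bl, pn, pv) or "allowed")
```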


