Openembedded Core Discussions
From: Alexander Kanavin <alexander.kanavin@linux.intel.com>
To: openembedded-core@lists.openembedded.org
Subject: Re: [PATCH 6/7] webkitgtk: update to 2.10.7
Date: Thu, 25 Feb 2016 15:55:32 +0200
Message-ID: <56CF07D4.3030206@linux.intel.com>
In-Reply-To: <56CDE61F.7020808@gmail.com>

On 02/24/2016 07:19 PM, akuster808 wrote:

> Many vulnerability notifications will make the same statements.
>
> Updating a package that other packages depend on can cause a cascading
> set of failures. Now you have a bigger set of problems to contend with.

I don't think the possibility of failures is a bigger problem than the 
certainty of having to backport a huge number of CVE fixes within a 
codebase that you don't understand.

Many of those are not a matter of cherry-picking the right patch; they 
require actual webkit expertise, because the code has changed too much 
in the meantime. Also, each webkit build takes hours, which slows things 
down even more. Do you have the resources for all of that?

> From the commercial side you just can't move your install base to the
> latest package versions for every security issue. The Yocto maintenance
> policy operates very close to this too.

I think you need to make an exception for webkit, and explain this to 
your customers.

Alex




Thread overview: 20+ messages
2016-02-10 12:42 [PATCH 0/7] Version updates Alexander Kanavin
2016-02-10 12:42 ` [PATCH 1/7] ffmpeg: update to 2.8.6 Alexander Kanavin
2016-02-11 19:05   ` akuster808
2016-02-24  1:55   ` Martin Jansa
2016-02-24 12:34     ` Alexander Kanavin
2016-02-24 13:16       ` Martin Jansa
2016-02-24 13:28         ` Alexander Kanavin
2016-02-24 13:51           ` Martin Jansa
2016-02-10 12:42 ` [PATCH 2/7] gstreamer1.0: fix upstream check for unstable versions from git Alexander Kanavin
2016-02-10 12:42 ` [PATCH 3/7] bash-completion: fix upstream version check Alexander Kanavin
2016-02-10 12:42 ` [PATCH 4/7] iso-codes: update to 3.65 Alexander Kanavin
2016-02-10 12:42 ` [PATCH 5/7] libwnck3: update to 3.14.1 Alexander Kanavin
2016-02-10 12:42 ` [PATCH 6/7] webkitgtk: update to 2.10.7 Alexander Kanavin
2016-02-11 19:08   ` akuster808
2016-02-16 14:34     ` Alexander Kanavin
2016-02-16 15:55       ` akuster808
2016-02-24 11:55         ` Alexander Kanavin
2016-02-24 17:19           ` akuster808
2016-02-25 13:55             ` Alexander Kanavin [this message]
2016-02-10 12:42 ` [PATCH 7/7] pixz: fix upstream version check Alexander Kanavin
