[RFC] Copy Upstream-Status from openembedded

Nick vincent at systemli.org
Fri Sep 2 00:21:59 PDT 2022

As written on openembedded.org: "In order to keep track of patches and 
ultimately reduce the number of patches that are required to be 
maintained, we need to track the status of the patches that are 
created." They do this by introducing Upstream-Status: [STATUS] [WHERE]. 
Here is an example:

   grub2: Fix CVE-2015-8370

   Back to 28; Grub2 Authentication

   Two functions suffer from integer underflow fault; the 
grub_username_get() and grub_password_get()located in
   grub-core/normal/auth.c and lib/crypto.c respectively. This can be 
exploited to obtain a Grub rescue shell.

   Upstream-Status: Accepted 
   CVE: CVE-2015-8370
   Signed-off-by: Joe Developer <joe.developer at example.com>

The wiki describes this very detailed:

We already have some kind of upstream status, by looking at the patch 
   0xx - upstream backports
   1xx - code awaiting upstream merge

However, I see there a huge benefit having the upstream status with a 
link to a mailinglist in the patch header.
What do you think?


More information about the openwrt-devel mailing list