Hello AOSP team, I have a question about the security bulletins and the corresponding patches. I would like to make a marshmallow AOSP build with the latest security patches but it seems to me that the security patches were not backported to this version since a while.
For example if I take the recent KRACK vulnerability, I see 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0 in the list of of updated AOSP versions in the corresponding bulletin (https://source.android.com/security/bulletin/2017-11-01). However when I look the android official wpa_supplicant repository ( https://android.googlesource.com/platform/external/wpa_supplicant_8/) I see that none of the marshmallow branches has been updated since a while. marshmallow-release last commit 2015 marshmallow-mr3-release last commit 2016 marshmallow-mr2-release last commit mar 2017 marshmallow-mr1-release last commit 2016 marshmallow-dev last commit 2015 Am I looking at the wrong place ? I fully realize that marshmallow is already an old version and that backporting security patches can represent a lot of work but then wouldn't "affected AOSP" versions be a better description ? The goal here is not to undermine the awesome job done for security by providing these security bulletins but simply to try to make sense of this "updated AOSP version" mention. Thanks, Raphael -- -- You received this message because you are subscribed to the "Android Building" mailing list. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/android-building?hl=en --- You received this message because you are subscribed to the Google Groups "Android Building" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
