cve-check: don't warn if a patch is remote
We don't make do_cve_check depend on do_unpack because that would be a waste of time 99% of the time. The compromise here is that we can't scan remote patches for issues, but this isn't a problem so downgrade the warning to a note. Also move the check for CVEs in the filename before the local file check so that even with remote patches, we still check for CVE references in the name. Signed-off-by:Ross Burton <ross.burton@arm.com> Signed-off-by:
Richard Purdie <richard.purdie@linuxfoundation.org>
Loading