[OE-core] [Openembedded-architecture] Does YP provide security support for stable and LTS branches?
Ross Burton
ross at burtonini.com
Tue Mar 10 16:11:48 UTC 2020
On Mon, 9 Mar 2020 at 07:45, Ayoub Zaki <ayoub.zaki at embexus.com> wrote:
> Adrian is making a point here, The Yocto Project by claiming that it
> supports security patches for Stable releases is misleading the Users!
>
> I work with different customers and some of them think that by using and
> pulling the latest releases they will get the CVEs automatically fixed!
>
> YP should state that CLEARLY! Of course it will impact the choice of
> going with Yocto or Not ( probably NOT in this case).
What would the alternative to Yocto be, and what is their security
policy? Does e.g. buildroot commit to fixing every known security
issue (which is more than just known CVEs) in their releases?
Ross
More information about the Openembedded-core
mailing list