[OE-core] [Openembedded-architecture] Does YP provide security support for stable and LTS branches?
Ayoub Zaki
ayoub.zaki at embexus.com
Tue Mar 10 19:45:58 UTC 2020
Hi,
On 10.03.20 17:11, Ross Burton wrote:
> On Mon, 9 Mar 2020 at 07:45, Ayoub Zaki <ayoub.zaki at embexus.com> wrote:
>> Adrian is making a point here, The Yocto Project by claiming that it
>> supports security patches for Stable releases is misleading the Users!
>>
>> I work with different customers and some of them think that by using and
>> pulling the latest releases they will get the CVEs automatically fixed!
>>
>> YP should state that CLEARLY! Of course it will impact the choice of
>> going with Yocto or Not ( probably NOT in this case).
> What would the alternative to Yocto be, and what is their security
> policy? Does e.g. buildroot commit to fixing every known security
> issue (which is more than just known CVEs) in their releases?
Security patches support is definitely for many companies a knock-out
criterion.
Probably in this case Debian or a commercial OSes like Qnx would be a
choice for who can afford it.
Mit freundlichen Grüßen / Kind regards
--
Ayoub Zaki
Embedded Systems Consultant
Vaihinger Straße 2/1
D-71634 Ludwigsburg
Mobile : +4917662901545
Email : ayoub.zaki at embexus.com
Homepage : https://embexus.com
VAT No. : DE313902634
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openembedded.org/pipermail/openembedded-core/attachments/20200310/6a1b11ee/attachment.html>
More information about the Openembedded-core
mailing list