[OE-core] [Openembedded-architecture] Does YP provide security support for stable and LTS branches?

Ayoub Zaki ayoub.zaki at embexus.com
Tue Mar 10 19:45:58 UTC 2020


Hi,


On 10.03.20 17:11, Ross Burton wrote:
> On Mon, 9 Mar 2020 at 07:45, Ayoub Zaki <ayoub.zaki at embexus.com> wrote:
>> Adrian is making a point here, The Yocto Project by claiming that it
>> supports security patches for Stable releases is misleading the Users!
>>
>> I work with different customers and some of them think that by using and
>> pulling the latest releases they will get the CVEs automatically fixed!
>>
>> YP should state that CLEARLY! Of course it will impact the choice of
>> going with Yocto or Not ( probably NOT in this case).
> What would the alternative to Yocto be, and what is their security
> policy?  Does e.g. buildroot commit to fixing every known security
> issue (which is more than just known CVEs) in their releases?


Security patches support is definitely for many companies a knock-out 
criterion.
Probably in this case Debian or a commercial OSes like Qnx would be a 
choice for who can afford it.


Mit freundlichen Grüßen / Kind regards

-- 
Ayoub Zaki
Embedded Systems Consultant

Vaihinger Straße 2/1
D-71634 Ludwigsburg


Mobile   : +4917662901545
Email    : ayoub.zaki at embexus.com
Homepage : https://embexus.com
VAT No.  : DE313902634

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openembedded.org/pipermail/openembedded-core/attachments/20200310/6a1b11ee/attachment.html>


More information about the Openembedded-core mailing list