On Fri, 2023-10-20 at 10:56 +0200, Marta Rybczynska wrote:
> While working on multiple aspects of security processes, one question
> comes back frequently: which are the layers we support with those
> processes? This has an impact on the number of SECURITY.md files I will
> be submitting, on configuring any CVE synchronization work, etc.
> 
> The YP download page offers a download of poky. Neither the release
> documentation
> https://docs.yoctoproject.org/migration-guides/index.html#release-information
> nor the Release page (https://wiki.yoctoproject.org/wiki/Releases)
> exactly lists the layers covered.
> 
> Is it poky only? Poky + meta-openembedded? With some BSP layers?
> 
> This has a general impact, because I assume that layers maintained
> "externally" might have different security contacts, for example.
> 
> Do we have that documented somewhere so that we can reference in the
> security documentation?

It will be for the layer maintainers to decide what to do about this
file. From the Yocto Project perspective, we should cover bitbake,
meta-yocto, openembedded-core (done) and yocto-docs.

Looking over https://git.yoctoproject.org/ we should add one to
meta-mingw as a tested layer. I've asked meta-gplv2 move to other layers.

We should probably mention this issue to the other layer maintainers,
maybe on the architecture list and perhaps also open a bug to make
SECURITY.md a requirement for Yocto Project Compatible status?

We should also add it to some of the code/tools repositories, in
particular:

auto-upgrade-helper, buildhistory-web, error-report-web,
git-refinery-web, layerindex-web, pseudo, psplash, ptest-runner2,
update-rc.d, swatbot, yocto-autobuilder-helper, yocto-autobuilder2.

If we're happy with the test in OE-Core, I can update several of these
to make the work a little easier?

We should email the maintainers for opkg/opkg-utils as well (opkg
mailing list).

Cheers,

Richard
