Hi,
On 10.03.20 17:11, Ross Burton wrote:
On Mon, 9 Mar 2020 at 07:45, Ayoub Zaki <[email protected]> wrote:
Adrian is making a point here, The Yocto Project by claiming that it
supports security patches for Stable releases is misleading the Users!
I work with different customers and some of them think that by using and
pulling the latest releases they will get the CVEs automatically fixed!
YP should state that CLEARLY! Of course it will impact the choice of
going with Yocto or Not ( probably NOT in this case).
What would the alternative to Yocto be, and what is their security
policy? Does e.g. buildroot commit to fixing every known security
issue (which is more than just known CVEs) in their releases?
Security patches support is definitely for many companies a knock-out
criterion.
Probably in this case Debian or a commercial OSes like Qnx would be a
choice for who can afford it.
Mit freundlichen Grüßen / Kind regards
--
Ayoub Zaki
Embedded Systems Consultant
Vaihinger Straße 2/1
D-71634 Ludwigsburg
Mobile : +4917662901545
Email : [email protected]
Homepage : https://embexus.com
VAT No. : DE313902634
--
_______________________________________________
Openembedded-core mailing list
[email protected]
http://lists.openembedded.org/mailman/listinfo/openembedded-core
