SECURITY.md: Add file

Add a SECURITY.md file with hints for security researchers and other parties who might report potential security vulnerabilities. (From meta-yocto rev: d8b84cfded9137a74ab0052ff2d7710887f29f10) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Steve Sakoman <steve@sakoman.com>
author: Richard Purdie <richard.purdie@linuxfoundation.org> 2023-10-24 12:58:24 +0100
committer: Steve Sakoman <steve@sakoman.com> 2023-10-24 05:22:46 -1000
commit: f1cf9f0f12c2b53e5668e16bdc8eabfdefa7b124 (patch)
tree: dae50f73223444b23bd5e8f6bc958ebc255a77a5
parent: 0d5e5385191b386abce6292e9688018a11c74c63 (diff)
download: poky-f1cf9f0f12c2b53e5668e16bdc8eabfdefa7b124.tar.gz
1 files changed, 24 insertions, 0 deletions
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000000..7d2ce1f631
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,24 @@
+How to Report a Potential Vulnerability?
+========================================
+If you would like to report a public issue (for example, one with a released
+CVE number), please report it using the
+[https://bugzilla.yoctoproject.org/enter_bug.cgi?product=Security Security Bugzilla].
+If you have a patch ready, submit it following the same procedure as any other
+patch as described in README.md.
+If you are dealing with a not-yet released or urgent issue, please send a
+message to security AT yoctoproject DOT org, including as many details as
+possible: the layer or software module affected, the recipe and its version,
+and any example code, if available.
+Branches maintained with security fixes
+---------------------------------------
+See [https://wiki.yoctoproject.org/wiki/Stable_Release_and_LTS Stable release and LTS]
+for detailed info regarding the policies and maintenance of Stable branches.
+The [https://wiki.yoctoproject.org/wiki/Releases Release page] contains a list of all
+releases of the Yocto Project. Versions in grey are no longer actively maintained with
+security patches, but well-tested patches may still be accepted for them for
+significant issues.
author	Richard Purdie <richard.purdie@linuxfoundation.org>	2023-10-24 12:58:24 +0100
committer	Steve Sakoman <steve@sakoman.com>	2023-10-24 05:22:46 -1000
commit	f1cf9f0f12c2b53e5668e16bdc8eabfdefa7b124 (patch)
tree	dae50f73223444b23bd5e8f6bc958ebc255a77a5
parent	0d5e5385191b386abce6292e9688018a11c74c63 (diff)
download	poky-f1cf9f0f12c2b53e5668e16bdc8eabfdefa7b124.tar.gz

diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000000..7d2ce1f631 --- /dev/null +++ b/SECURITY.md
@@ -0,0 +1,24 @@
	1	How to Report a Potential Vulnerability?
	2	========================================
	3
	4	If you would like to report a public issue (for example, one with a released
	5	CVE number), please report it using the
	6	[https://bugzilla.yoctoproject.org/enter_bug.cgi?product=Security Security Bugzilla].
	7	If you have a patch ready, submit it following the same procedure as any other
	8	patch as described in README.md.
	9
	10	If you are dealing with a not-yet released or urgent issue, please send a
	11	message to security AT yoctoproject DOT org, including as many details as
	12	possible: the layer or software module affected, the recipe and its version,
	13	and any example code, if available.
	14
	15	Branches maintained with security fixes
	16	---------------------------------------
	17
	18	See [https://wiki.yoctoproject.org/wiki/Stable_Release_and_LTS Stable release and LTS]
	19	for detailed info regarding the policies and maintenance of Stable branches.
	20
	21	The [https://wiki.yoctoproject.org/wiki/Releases Release page] contains a list of all
	22	releases of the Yocto Project. Versions in grey are no longer actively maintained with
	23	security patches, but well-tested patches may still be accepted for them for
	24	significant issues.