SECURITY.md: add file

Add a SECURITY.md file with hints for security researchers and other parties who might report potential security vulnerabilities. (From OE-Core rev: 4895e1892a49417fc5a806bd02c1bbac01f37253) Signed-off-by: Marta Rybczynska <marta.rybczynska@syslinbit.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Marta Rybczynska <rybczynska@gmail.com> 2023-10-18 07:22:41 +0200
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2023-10-19 11:31:13 +0100
commit: 0d30313680cf2a1165060f6fcd13bbfc93fa17e1 (patch)
tree: 5832c00c504578e3f467c2300f3116a96168eb0f
parent: f65f100bc5379c3153ee00b2aa62ea5c9a66ec79 (diff)
download: poky-0d30313680cf2a1165060f6fcd13bbfc93fa17e1.tar.gz
1 files changed, 22 insertions, 0 deletions
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000000..1b63da4f69
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,22 @@
+How to Report a Potential Vulnerability?
+========================================
+If you would like to report a public issue (for example, one with a released
+CVE number), please report it using the
+[https://bugzilla.yoctoproject.org/enter_bug.cgi?product=Security Security Bugzilla]
+If you are dealing with a not-yet released or urgent issue, please send a
+message to security AT yoctoproject DOT org, including as many details as
+possible: the layer or software module affected, the recipe and its version,
+and any example code, if available.
+Branches maintained with security fixes
+---------------------------------------
+See [https://wiki.yoctoproject.org/wiki/Stable_Release_and_LTS Stable release and LTS]
+for detailed info regarding the policies and maintenance of Stable branches.
+The [https://wiki.yoctoproject.org/wiki/Releases Release page] contains a list of all
+releases of the Yocto Project. Versions in grey are no longer actively maintained with
+security patches, but well-tested patches may still be accepted for them for
+significant issues.
author	Marta Rybczynska <rybczynska@gmail.com>	2023-10-18 07:22:41 +0200
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2023-10-19 11:31:13 +0100
commit	0d30313680cf2a1165060f6fcd13bbfc93fa17e1 (patch)
tree	5832c00c504578e3f467c2300f3116a96168eb0f
parent	f65f100bc5379c3153ee00b2aa62ea5c9a66ec79 (diff)
download	poky-0d30313680cf2a1165060f6fcd13bbfc93fa17e1.tar.gz

diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000000..1b63da4f69 --- /dev/null +++ b/SECURITY.md
@@ -0,0 +1,22 @@
	1	How to Report a Potential Vulnerability?
	2	========================================
	3
	4	If you would like to report a public issue (for example, one with a released
	5	CVE number), please report it using the
	6	[https://bugzilla.yoctoproject.org/enter_bug.cgi?product=Security Security Bugzilla]
	7
	8	If you are dealing with a not-yet released or urgent issue, please send a
	9	message to security AT yoctoproject DOT org, including as many details as
	10	possible: the layer or software module affected, the recipe and its version,
	11	and any example code, if available.
	12
	13	Branches maintained with security fixes
	14	---------------------------------------
	15
	16	See [https://wiki.yoctoproject.org/wiki/Stable_Release_and_LTS Stable release and LTS]
	17	for detailed info regarding the policies and maintenance of Stable branches.
	18
	19	The [https://wiki.yoctoproject.org/wiki/Releases Release page] contains a list of all
	20	releases of the Yocto Project. Versions in grey are no longer actively maintained with
	21	security patches, but well-tested patches may still be accepted for them for
	22	significant issues.