dev-manual: common-tasks.rst: add regular updates and CVE scans to security best practices

Regular security scans and updates to fix issues and updates from upstream maintainers are best practices. (From yocto-docs rev: 24d3337b6cbb38297877f6ce6ec78896ce93e8b2) Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org> Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Mikko Rapeli <mikko.rapeli@linaro.org> 2022-10-26 16:12:06 +0300
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2022-10-28 15:48:03 +0100
commit: aa5fd56b9abf9b5ab8deaf65be6e5127fb0368da (patch)
tree: 6a158f74ffa93692ec94b68b8cf0425af1ea0671 /documentation
parent: 362477c421e8d2d82a3751e353f615a74b937435 (diff)
download: poky-aa5fd56b9abf9b5ab8deaf65be6e5127fb0368da.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/documentation/dev-manual/common-tasks.rst b/documentation/dev-manual/common-tasks.rst
index 53e7686633..d435bc8a4c 100644
--- a/documentation/dev-manual/common-tasks.rst
+++ b/documentation/dev-manual/common-tasks.rst
@@ -6231,6 +6231,13 @@ more secure:
   vulnerabilities discovered in the future. This consideration
   especially applies when your device is network-enabled.
+-  Regularly scan and apply fixes for CVE security issues affecting
+   all software components in the product, see ":ref:`dev-manual/common-tasks:checking for vulnerabilities`".
+-  Regularly update your version of Poky and OE-Core from their upstream
+   developers, e.g. to apply updates and security fixes from stable
+   and LTS branches.
 -  Ensure you remove or disable debugging functionality before producing
   the final image. For information on how to do this, see the
   ":ref:`dev-manual/common-tasks:considerations specific to the openembedded build system`"
author	Mikko Rapeli <mikko.rapeli@linaro.org>	2022-10-26 16:12:06 +0300
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2022-10-28 15:48:03 +0100
commit	aa5fd56b9abf9b5ab8deaf65be6e5127fb0368da (patch)
tree	6a158f74ffa93692ec94b68b8cf0425af1ea0671 /documentation
parent	362477c421e8d2d82a3751e353f615a74b937435 (diff)
download	poky-aa5fd56b9abf9b5ab8deaf65be6e5127fb0368da.tar.gz

diff --git a/documentation/dev-manual/common-tasks.rst b/documentation/dev-manual/common-tasks.rst index 53e7686633..d435bc8a4c 100644 --- a/documentation/dev-manual/common-tasks.rst +++ b/documentation/dev-manual/common-tasks.rst
@@ -6231,6 +6231,13 @@ more secure:
6231	vulnerabilities discovered in the future. This consideration	6231	vulnerabilities discovered in the future. This consideration
6232	especially applies when your device is network-enabled.	6232	especially applies when your device is network-enabled.
6233		6233
		6234	- Regularly scan and apply fixes for CVE security issues affecting
		6235	all software components in the product, see ":ref:`dev-manual/common-tasks:checking for vulnerabilities`".
		6236
		6237	- Regularly update your version of Poky and OE-Core from their upstream
		6238	developers, e.g. to apply updates and security fixes from stable
		6239	and LTS branches.
		6240
6234	- Ensure you remove or disable debugging functionality before producing	6241	- Ensure you remove or disable debugging functionality before producing
6235	the final image. For information on how to do this, see the	6242	the final image. For information on how to do this, see the
6236	":ref:`dev-manual/common-tasks:considerations specific to the openembedded build system`"	6243	":ref:`dev-manual/common-tasks:considerations specific to the openembedded build system`"