From 0d5e5385191b386abce6292e9688018a11c74c63 Mon Sep 17 00:00:00 2001 From: Marta Rybczynska Date: Tue, 24 Oct 2023 13:38:38 +0200 Subject: bitbake: SECURITY.md: add file Add a SECURITY.md file with hints for security researchers and other parties who might report potential security vulnerabilities. (Bitbake rev: dd826595414c5dc1a649f45a9dd2430bf6d4699b) Signed-off-by: Marta Rybczynska Signed-off-by: Richard Purdie Signed-off-by: Steve Sakoman --- bitbake/SECURITY.md | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 bitbake/SECURITY.md (limited to 'bitbake/SECURITY.md') diff --git a/bitbake/SECURITY.md b/bitbake/SECURITY.md new file mode 100644 index 0000000000..7d2ce1f631 --- /dev/null +++ b/bitbake/SECURITY.md @@ -0,0 +1,24 @@ +How to Report a Potential Vulnerability? +======================================== + +If you would like to report a public issue (for example, one with a released +CVE number), please report it using the +[https://bugzilla.yoctoproject.org/enter_bug.cgi?product=Security Security Bugzilla]. +If you have a patch ready, submit it following the same procedure as any other +patch as described in README.md. + +If you are dealing with a not-yet released or urgent issue, please send a +message to security AT yoctoproject DOT org, including as many details as +possible: the layer or software module affected, the recipe and its version, +and any example code, if available. + +Branches maintained with security fixes +--------------------------------------- + +See [https://wiki.yoctoproject.org/wiki/Stable_Release_and_LTS Stable release and LTS] +for detailed info regarding the policies and maintenance of Stable branches. + +The [https://wiki.yoctoproject.org/wiki/Releases Release page] contains a list of all +releases of the Yocto Project. Versions in grey are no longer actively maintained with +security patches, but well-tested patches may still be accepted for them for +significant issues. -- cgit v1.2.3-54-g00ecf