From: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
To: buildroot@busybox.net
Subject: [Buildroot] Buildroot LTS?
Date: Fri, 30 Oct 2015 14:58:03 +0100
Message-ID: <20151030145803.6aeb3c2d@free-electrons.com>
In-Reply-To: <563336DE.4040809@2net.co.uk>

Hello Chris,

On Fri, 30 Oct 2015 09:22:38 +0000, Chris Simmonds wrote:
> Is there a long term support policy for Buildroot? For example, when the
> next significant bug like heartbleed or shellshock comes along, how do I
> best incorporate the fix in my Buildroot project?
>
> Looking through the commit history, I gather that Buildroot is a
> "rolling release". There are stable releases several times per year, but
> there are few updates once it is released. So, the way to get security
> fixes would be to update to the latest stable release: is that correct?
> The downside is that that will bring in many changes in addition to
> fixing security bugs and I may have to go through a new QA cycle.
>
> I would be interested in any comments on the above. What do Buildroot
> users do in practice? Does any 3rd party offer LTS support for Buildroot?

There is currently no long term support policy for the community
maintained Buildroot. We have discussed this topic a few times during
our meetings, as I remember raising the question of whether we should
maintain for a longer period certain specific releases of Buildroot, at
least to take care of the security problems.

So far, our common reaction was that it is rather time-consuming to do
and also not very exciting for volunteers to do. It is the type of
topic that would really be helped if there was some funding from
companies.

That being said, if there is sufficient interest for this, and
developers willing to look at the security issues and submit the
corresponding patches, I'm sure we'd be happy to create such LTS
releases from time to time.

Currently, Buildroot users have two options:

* Stick to a given Buildroot version, and take care of the security
  updates themselves.

* Update their Buildroot version, but this as you said has the
  consequence of updating many components in the system, even when the
  update is not strictly necessary from a security point of view.

I would personally be happy to take patches against a given fixed
version of Buildroot, and regularly do some point releases based on
this version. But there needs to be some involvement from the interested
users.

As far as security updates provided by third party companies, I guess
several embedded Linux services companies would probably be willing to
provide such services. But there is no formal/public offering as far as
I know.

Best regards,

Thomas
--
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com