From: michael.opdenacker@bootlin.com
To: docs@lists.yoctoproject.org
Cc: rybczynska@gmail.com, mikko.rapeli@linaro.org,
Michael Opdenacker <michael.opdenacker@bootlin.com>
Subject: [PATCH v2 3/4] dev-manual: common-tasks.rst: add regular updates and CVE scans to security best practices
Date: Wed, 26 Oct 2022 18:07:12 +0200 [thread overview]
Message-ID: <20221026160713.2068570-4-michael.opdenacker@bootlin.com> (raw)
In-Reply-To: <20221026160713.2068570-1-michael.opdenacker@bootlin.com>
From: Michael Opdenacker <michael.opdenacker@bootlin.com>
From: Mikko Rapeli <mikko.rapeli@linaro.org>
Regular security scans and updates to fix issues and updates from
upstream maintainers are best practices.
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
---
documentation/dev-manual/common-tasks.rst | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/documentation/dev-manual/common-tasks.rst b/documentation/dev-manual/common-tasks.rst
index 53e7686633..d435bc8a4c 100644
--- a/documentation/dev-manual/common-tasks.rst
+++ b/documentation/dev-manual/common-tasks.rst
@@ -6231,6 +6231,13 @@ more secure:
vulnerabilities discovered in the future. This consideration
especially applies when your device is network-enabled.
+- Regularly scan and apply fixes for CVE security issues affecting
+ all software components in the product, see ":ref:`dev-manual/common-tasks:checking for vulnerabilities`".
+
+- Regularly update your version of Poky and OE-Core from their upstream
+ developers, e.g. to apply updates and security fixes from stable
+ and LTS branches.
+
- Ensure you remove or disable debugging functionality before producing
the final image. For information on how to do this, see the
":ref:`dev-manual/common-tasks:considerations specific to the openembedded build system`"
--
2.34.1
next prev parent reply other threads:[~2022-10-26 16:07 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <1721A288D2BAB036.492@lists.yoctoproject.org>
2022-10-26 16:07 ` [PATCH v2 0/4] Improve CVE check and patching documentation michael.opdenacker
2022-10-26 16:07 ` [PATCH v2 1/4] ref-manual: variables.rst: add documentation for CVE_VERSION michael.opdenacker
2022-10-26 16:32 ` [docs] " Richard Purdie
2022-10-26 17:51 ` Michael Opdenacker
2022-10-26 16:07 ` [PATCH v2 2/4] ref-manual: classes.rst: improve documentation for cve-check.bbclass michael.opdenacker
2022-10-26 16:07 ` michael.opdenacker [this message]
2022-10-26 16:07 ` [PATCH v2 4/4] dev-manual: common-tasks.rst: refactor and improve "Checking for Vulnerabilities" section michael.opdenacker
2022-10-27 6:54 ` Mikko Rapeli
2022-10-27 8:16 ` [docs] " Michael Opdenacker
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221026160713.2068570-4-michael.opdenacker@bootlin.com \
--to=michael.opdenacker@bootlin.com \
--cc=docs@lists.yoctoproject.org \
--cc=mikko.rapeli@linaro.org \
--cc=rybczynska@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox