* is it time for a separate YP doc focusing on security/vulnerabilities/CVEs, etc?
From: Robert P. J. Day @ 2025-12-15 21:02 UTC
To: YP docs mailing list

  i know i've mentioned this before but, to start with, the dev manual
section "Making Images More Secure":

  https://docs.yoctoproject.org/dev-manual/securing-images.html

opens with three links all of which are more than a decade old. and
further down in that same manual, there are two sections related to
vulnerabilities. given the importance of security in the embedded
space, might it be time for a whole document devoted to the subject?

  there were a number of talks related to this in the recent YP
virtual summit, that seems like a decent place to start. surely there
is easily enough content to justify a separate manual for this, no?

rday

* Re: [docs] is it time for a separate YP doc focusing on security/vulnerabilities/CVEs, etc?
From: Quentin Schulz @ 2025-12-16 9:33 UTC
To: rpjday, YP docs mailing list

Hi Robert,

On 12/15/25 10:00 PM, Robert P. J. Day via lists.yoctoproject.org wrote:
>
>    i know i've mentioned this before but, to start with, the dev manual
> section "Making Images More Secure":
>
>    https://docs.yoctoproject.org/dev-manual/securing-images.html
>
> opens with three links all of which are more than a decade old. and
> further down in that same manual, there are two sections related to
> vulnerabilities. given the importance of security in the embedded
> space, might it be time for a whole document devoted to the subject?
>
>    there were a number of talks related to this in the recent YP
> virtual summit, that seems like a decent place to start. surely there
> is easily enough content to justify a separate manual for this, no?
>

https://lore.kernel.org/yocto-docs/20251204-reorg-security-section-v1-1-75aeeb741c83@bootlin.com/

Maybe?

Anything more to add to that patch? Since you have some interest in the
topic, please take a few minutes and help reviewing it?

Cheers,
Quentin

* Re: [docs] is it time for a separate YP doc focusing on security/vulnerabilities/CVEs, etc?
From: Antonin Godard @ 2025-12-16 10:09 UTC
To: quentin.schulz, rpjday, YP docs mailing list

Hi,

On Tue Dec 16, 2025 at 10:33 AM CET, Quentin Schulz via lists.yoctoproject.org wrote:
> Hi Robert,
>
> On 12/15/25 10:00 PM, Robert P. J. Day via lists.yoctoproject.org wrote:
>>
>>    i know i've mentioned this before but, to start with, the dev manual
>> section "Making Images More Secure":
>>
>>    https://docs.yoctoproject.org/dev-manual/securing-images.html
>>
>> opens with three links all of which are more than a decade old. and
>> further down in that same manual, there are two sections related to
>> vulnerabilities. given the importance of security in the embedded
>> space, might it be time for a whole document devoted to the subject?
>>
>>    there were a number of talks related to this in the recent YP
>> virtual summit, that seems like a decent place to start. surely there
>> is easily enough content to justify a separate manual for this, no?
>>
>
> https://lore.kernel.org/yocto-docs/20251204-reorg-security-section-v1-1-75aeeb741c83@bootlin.com/
>
> Maybe?
>
> Anything more to add to that patch? Since you have some interest in the
> topic, please take a few minutes and help reviewing it?

This patch moves the process-related security bits to its own section, but it's
process only. I believe Robert was talking more about a "how to secure your
target" manual.

Right now, I can see we have:

- dev-manual/securing-images.rst
- dev-manual/vulnerabilities.rst
- dev-manual/read-only-rootfs.rst
- (anything else?)

I'm not against moving these to a security manual, like the kernel or profiling
one. It also puts security a bit more to the front, which I think is what the YP
(and rest of the world) is leaning towards.

Afterwards, people can plug-in security guides/tips in there, as long as the
implementation is supported in OE-Core/Poky. For example, systemd security
features through PACKAGECONFIG, etc.

This would also help with this open bug:
https://bugzilla.yoctoproject.org/show_bug.cgi?id=14509.

Regarding the links in securing-images.rst, yes, they could be refreshed or even
removed, as I find the sentence "Consider the issues and problems discussed in
just this sampling of work found across the Internet:" not strictly necessary in
a Yocto Project documentation context.

Patches welcome :)

Antonin

--
Antonin Godard, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com