diff options
author | Marta Rybczynska <rybczynska@gmail.com> | 2023-10-18 07:22:41 +0200 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2023-10-19 11:30:59 +0100 |
commit | 4895e1892a49417fc5a806bd02c1bbac01f37253 (patch) | |
tree | 872eff80d879bc8ed8d3e8e73d53801c1d5126a9 | |
parent | 4f84537670020a8d902248479efa9f062089c0d3 (diff) | |
download | openembedded-core-4895e1892a49417fc5a806bd02c1bbac01f37253.tar.gz |
SECURITY.md: add file
Add a SECURITY.md file with hints for security researchers and other
parties who might report potential security vulnerabilities.
Signed-off-by: Marta Rybczynska <marta.rybczynska@syslinbit.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r-- | SECURITY.md | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000000..1b63da4f69 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,22 @@ +How to Report a Potential Vulnerability? +======================================== + +If you would like to report a public issue (for example, one with a released +CVE number), please report it using the +[https://bugzilla.yoctoproject.org/enter_bug.cgi?product=Security Security Bugzilla] + +If you are dealing with a not-yet released or urgent issue, please send a +message to security AT yoctoproject DOT org, including as many details as +possible: the layer or software module affected, the recipe and its version, +and any example code, if available. + +Branches maintained with security fixes +--------------------------------------- + +See [https://wiki.yoctoproject.org/wiki/Stable_Release_and_LTS Stable release and LTS] +for detailed info regarding the policies and maintenance of Stable branches. + +The [https://wiki.yoctoproject.org/wiki/Releases Release page] contains a list of all +releases of the Yocto Project. Versions in grey are no longer actively maintained with +security patches, but well-tested patches may still be accepted for them for +significant issues. |