Yocto, Kernel and OpenBMC security maintenance
andrew at aj.id.au
Mon Nov 13 16:37:48 AEDT 2017
On Tue, 2017-11-07 at 15:56 +1030, Joel Stanley wrote:
> On todays community call we chatted about security updates for the
> project. Nancy pointed out that there tools in the tree that are many
> versions out of date and have security fixes available, but not
> applied to our tree.
> To date there has been no focused effort on ensuring known
> vulnerabilities are patched, weather this be backporting patches or
> updating to newer releases. I suggested we focus on ensuring the
> OpenBMC tree, as the upstream for our products, is where security
> fixes are applied.
For what it's worth there's some discussion of upgrading to Yocto 2.3
and what we might do to better track master on the issue tracker:
I agree we need to improve how we track things such as security patches
that go into upstream.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 801 bytes
Desc: This is a digitally signed message part
More information about the openbmc