docs: add SECURITY.md and rename README.md

To be compliant with the recent yocto project security processes, add a SECURITY.md file that explains what to do if an issue is detected. This also renames README to README.md to be similar to other layers. Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2025-07-04 21:05:25 +02:00 · 2023-11-03 17:23:20 +00:00 · 2023-11-03 17:23:20 +00:00 · f7bffb351c
commit f7bffb351c
parent 115f6367f3
2 changed files with 23 additions and 0 deletions
--- a/README.md
+++ b/README.md
--- a/SECURITY.md
+++ b/SECURITY.md
@ -0,0 +1,23 @@
+How to Report a Potential Vulnerability?
+========================================
+
+If you would like to report a public issue (for example, one with a released
+CVE number), please report it using the mailing list as described in README.md
+If you have a patch ready, submit it following the same procedure as any other
+patch as described in the same file.
+
+If you are dealing with a not-yet released or urgent issue, please send a
+message to the layer maintainer, including as many details as
+possible: the software module affected, the recipe and its version,
+and any example code, if available.
+
+Branches maintained with security fixes
+---------------------------------------
+
+See [https://wiki.yoctoproject.org/wiki/Stable_Release_and_LTS Stable release and LTS]
+for detailed info regarding the policies and maintenance of Stable branches.
+
+The [https://wiki.yoctoproject.org/wiki/Releases Release page] contains a list of all
+releases of the Yocto Project. Versions in grey are no longer actively maintained with
+security patches, but well-tested patches may still be accepted for them for
+significant issues.