From f7bffb351c59cc972d9141ac2ab5ee2c40e19547 Mon Sep 17 00:00:00 2001 From: Bruce Ashfield Date: Fri, 3 Nov 2023 17:23:20 +0000 Subject: [PATCH] docs: add SECURITY.md and rename README.md To be compliant with the recent yocto project security processes, add a SECURITY.md file that explains what to do if an issue is detected. This also renames README to README.md to be similar to other layers. Signed-off-by: Bruce Ashfield --- README => README.md | 0 SECURITY.md | 23 +++++++++++++++++++++++ 2 files changed, 23 insertions(+) rename README => README.md (100%) create mode 100644 SECURITY.md diff --git a/README b/README.md similarity index 100% rename from README rename to README.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..9fe8a8e2 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,23 @@ +How to Report a Potential Vulnerability? +======================================== + +If you would like to report a public issue (for example, one with a released +CVE number), please report it using the mailing list as described in README.md +If you have a patch ready, submit it following the same procedure as any other +patch as described in the same file. + +If you are dealing with a not-yet released or urgent issue, please send a +message to the layer maintainer, including as many details as +possible: the software module affected, the recipe and its version, +and any example code, if available. + +Branches maintained with security fixes +--------------------------------------- + +See [https://wiki.yoctoproject.org/wiki/Stable_Release_and_LTS Stable release and LTS] +for detailed info regarding the policies and maintenance of Stable branches. + +The [https://wiki.yoctoproject.org/wiki/Releases Release page] contains a list of all +releases of the Yocto Project. Versions in grey are no longer actively maintained with +security patches, but well-tested patches may still be accepted for them for +significant issues.
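Review bot: In the new SECURITY.md, the paragraph for not-yet-released or urgent issues ("please send a message to the layer maintainer") gives no address and no pointer to where the maintainer is listed. The only contact route the file names is the public mailing list, so a reporter with an undisclosed issue has no stated private channel. Suggest giving the maintainer contact directly, or pointing to the place where it is listed. Both links in the "Branches maintained with security fixes" section use wiki bracket syntax (`[https://wiki.yoctoproject.org/wiki/Releases Release page]`), which will not render as links in a .md file; the Markdown form is `[Release page](https://wiki.yoctoproject.org/wiki/Releases)`, and likewise for the Stable release and LTS link. Minor: the first paragraph's sentence ending "as described in README.md" has no full stop before "If you have a patch ready".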