On Mon, 9 Mar 2020 at 07:45, Ayoub Zaki <ayoub.z...@embexus.com> wrote: > Adrian is making a point here, The Yocto Project by claiming that it > supports security patches for Stable releases is misleading the Users! > > I work with different customers and some of them think that by using and > pulling the latest releases they will get the CVEs automatically fixed! > > YP should state that CLEARLY! Of course it will impact the choice of > going with Yocto or Not ( probably NOT in this case).
What would the alternative to Yocto be, and what is their security policy? Does e.g. buildroot commit to fixing every known security issue (which is more than just known CVEs) in their releases? Ross -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
