[yocto] Security upgrade stategy
Khem Raj
raj.khem at gmail.com
Wed Nov 29 11:24:12 PST 2017
On Wed, Nov 29, 2017 at 11:06 AM, Brian Smucker <bds at bsmucker.eu.org> wrote:
> Hello,
>
> I have an older yocto-based image built with Danny.
>
> We have a need to update two components, php and dropbear, to the most
> modern versions for security purposes.
>
> What is the preferred way to do this without moving the whole image to the
> latest version of poky/yocto? That would be a big job, which would
> necessitate migrating my linux dev environment to something newer, in
> addition to other things.
>
> Or is there a preferred way? How do people handle this?
>
We usually backport the needed fixes back into release branches.
Version upgrades
are usually not the norm. However, in your case where are on danny which might
have stopped to receive any security fixes already, it might be
something you can
undertake in your distro to upgrade the versions. Take the new version
from latest
release or master and retrofit it into the release you are on then
fix/integrate it into
rest of your distro. However here you have forked and can keep
following the same
procedure for subsequent upgrades for these packages. Obviously, you might see
integration issues but thats expected.
> Thanks,
>
> Brian
> --
> _______________________________________________
> yocto mailing list
> yocto at yoctoproject.org
> https://lists.yoctoproject.org/listinfo/yocto
More information about the yocto
mailing list