[yocto] Security upgrade stategy
Andre McCurdy
armccurdy at gmail.com
Thu Nov 30 12:42:20 PST 2017
On Wed, Nov 29, 2017 at 11:24 AM, Khem Raj <raj.khem at gmail.com> wrote:
> On Wed, Nov 29, 2017 at 11:06 AM, Brian Smucker <bds at bsmucker.eu.org> wrote:
>> Hello,
>>
>> I have an older yocto-based image built with Danny.
>>
>> We have a need to update two components, php and dropbear, to the most
>> modern versions for security purposes.
>>
>> What is the preferred way to do this without moving the whole image to the
>> latest version of poky/yocto? That would be a big job, which would
>> necessitate migrating my linux dev environment to something newer, in
>> addition to other things.
>>
>> Or is there a preferred way? How do people handle this?
>
> We usually backport the needed fixes back into release branches.
> Version upgrades
> are usually not the norm. However, in your case where are on danny which might
> have stopped to receive any security fixes already
To avoid and doubt, danny has definitely stopped receiving any security fixes!
>, it might be
> something you can
> undertake in your distro to upgrade the versions. Take the new version
> from latest
> release or master and retrofit it into the release you are on then
> fix/integrate it into
> rest of your distro. However here you have forked and can keep
> following the same
> procedure for subsequent upgrades for these packages. Obviously, you might see
> integration issues but thats expected.
>
>> Thanks,
>>
>> Brian
>> --
>> _______________________________________________
>> yocto mailing list
>> yocto at yoctoproject.org
>> https://lists.yoctoproject.org/listinfo/yocto
> --
> _______________________________________________
> yocto mailing list
> yocto at yoctoproject.org
> https://lists.yoctoproject.org/listinfo/yocto
More information about the yocto
mailing list