[0/4] Improve CVE check and patching documentation

Message ID 20221026131207.3655961-1-mikko.rapeli@linaro.org
Series: Improve CVE check and patching documentation

Message

Mikko Rapeli Oct. 26, 2022, 1:12 p.m. UTC
From: Mikko Rapeli <mikko.rapeli@linaro.org>

I think detecting and fixing CVE security issues in yocto based distros
is quite important so improve the documentation around it. I've been
using cve-check.bbclass for a long time and these details hopefully
make it easier for others to start using it as well.

Mikko Rapeli (4):
  ref-manual/variables.rst: add documentation for CVE_VERSION
  classes.rst: improve documentation for cve-check.bbclass
  common-tasks.rst: add regular updates and CVE scans to security best
    practices
  common-tasks.rst: refactor and improve "Checking for Vulnerabilities"
    section

 documentation/dev-manual/common-tasks.rst | 183 +++++++++++++++++-----
 documentation/ref-manual/classes.rst      |  52 +++++-
 documentation/ref-manual/variables.rst    |  12 ++
 3 files changed, 204 insertions(+), 43 deletions(-)

Comments

Michael Opdenacker Oct. 26, 2022, 1:47 p.m. UTC | #1
Hi Mikko

On 10/26/22 15:12, Mikko Rapeli wrote:
> From: Mikko Rapeli <mikko.rapeli@linaro.org>
>
> I think detecting and fixing CVE security issues in yocto based distros
> is quite important so improve the documentation around it. I've been
> using cve-check.bbclass for a long time and these details hopefully
> make it easier for others to start using it as well.
>
> Mikko Rapeli (4):
>    ref-manual/variables.rst: add documentation for CVE_VERSION
>    classes.rst: improve documentation for cve-check.bbclass
>    common-tasks.rst: add regular updates and CVE scans to security best
>      practices
>    common-tasks.rst: refactor and improve "Checking for Vulnerabilities"
>      section
>
>   documentation/dev-manual/common-tasks.rst | 183 +++++++++++++++++-----
>   documentation/ref-manual/classes.rst      |  52 +++++-
>   documentation/ref-manual/variables.rst    |  12 ++
>   3 files changed, 204 insertions(+), 43 deletions(-)


Many thanks for all these. They are much appreciated, and I also found 
that the CVE management document wasn't sufficient.
My reviews are following (when there is something to say).
Cheers
Michael.