
[v2,3/4] dev-manual: common-tasks.rst: add regular updates and CVE scans to security best practices

Message ID 20221026160713.2068570-4-michael.opdenacker@bootlin.com
State New
Series Improve CVE check and patching documentation

Commit Message

Michael Opdenacker Oct. 26, 2022, 4:07 p.m. UTC
From: Michael Opdenacker <michael.opdenacker@bootlin.com>

From: Mikko Rapeli <mikko.rapeli@linaro.org>

Regular security scans and updates to fix issues and updates from
upstream maintainers are best practices.

Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
---
 documentation/dev-manual/common-tasks.rst | 7 +++++++
 1 file changed, 7 insertions(+)

Patch

diff --git a/documentation/dev-manual/common-tasks.rst b/documentation/dev-manual/common-tasks.rst
index 53e7686633..d435bc8a4c 100644
--- a/documentation/dev-manual/common-tasks.rst
+++ b/documentation/dev-manual/common-tasks.rst
@@ -6231,6 +6231,13 @@  more secure:
    vulnerabilities discovered in the future. This consideration
    especially applies when your device is network-enabled.
 
+-  Regularly scan and apply fixes for CVE security issues affecting
+   all software components in the product, see ":ref:`dev-manual/common-tasks:checking for vulnerabilities`".
+
+-  Regularly update your version of Poky and OE-Core from their upstream
+   developers, e.g. to apply updates and security fixes from stable
+   and LTS branches.
+
 -  Ensure you remove or disable debugging functionality before producing
    the final image. For information on how to do this, see the
    ":ref:`dev-manual/common-tasks:considerations specific to the openembedded build system`"