diff mbox series

[meta-lts-mixins,wrynose/linux-firmware,3/3] SECURITY.md: describe security policy and pointers

Message ID 20260617-fix-check-layers-v1-3-d1b60c899440@oss.qualcomm.com
State New
Headers show
Series layer: make it Yocto Project compliant | expand

Commit Message

Dmitry Baryshkov June 17, 2026, 7:21 p.m. UTC 
Add secutity policy (based on the one from OE-Core) as required by
yocto-check-layers for Yocto Project Compliance.

Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@oss.qualcomm.com>
---
 SECURITY.md | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
diff mbox series

Patch

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 000000000000..0aeff07e48da
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,23 @@ 
+How to Report a Potential Vulnerability
+=======================================
+
+If you would like to report a public issue (for example, one with a released
+CVE number), please report it using the mailing list as described in README.md
+If you have a patch ready, submit it following the same procedure as any other
+patch as described in README.md.
+
+If you are dealing with a not-yet released or urgent issue, please send a
+message to the layer maintainers, including as many details as
+possible: the software module affected, the recipe and its version,
+and any example code, if available.
+
+Branches maintained with security fixes
+---------------------------------------
+
+See [Stable release and LTS](https://wiki.yoctoproject.org/wiki/Stable_Release_and_LTS)
+for detailed info regarding the policies and maintenance of Stable branches.
+
+The [Release page](https://wiki.yoctoproject.org/wiki/Releases) contains
+a list of all releases of the Yocto Project. Versions in grey are no longer
+actively maintained with security patches, but well-tested patches may still
+be accepted for them for significant issues.