1
0
mirror of https://git.yoctoproject.org/poky synced 2026-07-15 15:37:03 +00:00

Add a new "Security" section

The current security-related documentation is a bit hard to find and
hidden within the development manual. However these are processes that
are not part of a development task but is rather a vulnerability
reporting process.

Create a new "Security" section in the documentation to gather this
information. This will be directly visible in the sidebar when opening
the documentation.

Split the previous security-subjects.rst document into 2 documents:

- security-team.rst: defines the roles of the security teams and its
  members.

- reporting-vulnerabilities.rst: guide to report vulnerabilities to the
  security team.

The plan is to backport these documents to active releases. As a
consequence, this section should be free of instructions and information
that only make sense for a specific release. It should _not_ contain
documents on how to enable security features with Yocto on target
devices, this is unrelated and can be left in the development manual
(for example: dev-manual/vulnerabilities.rst to deal with CVEs).

(From yocto-docs rev: 80556704f8b60b5bf903da497909cfda7dd1b28b)

Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 81e14ca2d5cff9e2104c556655144b069633790c)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Antonin Godard
2025-12-04 16:23:05 +01:00
committed by Richard Purdie
parent 495e1c2ed0
commit 9b6d0d6e5a
7 changed files with 216 additions and 197 deletions
@@ -0,0 +1,14 @@
.. SPDX-License-Identifier: CC-BY-SA-2.0-UK
================================
Yocto Project Security Reference
================================
.. toctree::
:caption: Table of Contents
:numbered:
security-team
reporting-vulnerabilities
.. include:: /boilerplate.rst