Yocto Project Summit 2023.11

How to submit a CVE fix to the Yocto Project?
11-30, 13:20–13:35 (UTC), Nanbield

Do you have a fix ready for a security issue? Do you know how to submit it to the Yocto Project (YP)? In this hands-on, Marta will show the path from a security issue reported by the YP CVE check do an accepted fix. You will learn about file naming, choosing the right branch, testing your patch and more!

This talk is prepared as reference material for people unfamiliar with the Yocto project (like security researchers and maintenance engineers). Marta will show step-by-step instructions on submitting a fix for a security issue and getting it accepted on the first try!

See also: Talk slides v2 (415.1 KB)

Marta Rybczynska has a network security background and 20 years of experience in Open Source, including 15 years in embedded development. She has been working with embedded operating systems like Linux and various real-time ones, system libraries, and frameworks up to user interfaces. Her specialties are architecture-specific parts of the Linux kernel. In the past, Marta served as Vice-President and treasurer for KDE e.V. She has been involved in various Open Source projects and contributed kernel-related guest articles for LWN.net. In 2021, she founded Syslinbit, an Open Source consulting company. She has experience with presentations at scientific and free software conferences, including LinuxCon, Open Source Summit, Embedded Linux Conference, Akademy, FOSDEM, and FOSS-north.

This speaker also appears in: