Re: Why and when we need to migrate to newer #yocto version? #yocto
toggle quoted messageShow quoted text
The versions of libraries and tools are not independent from Yocto versions, in fact they are directly defined through oe-core metadata that is in a specific Yocto version.
For examples, what version of openssl is in your yocto builds? Is it supported/maintained upstream? What are you going to do if a critical security vulnerability is discovered in that version?
This extends to all of the packages: it makes sense to use the most recent Yocto version for two primary reasons:
- the stack is much less likely to contain security vulnerabilities
- it is much easier to satisfy project requirements w.r.t. version compatibility, or needed features, if those features are only available in recent versions of the package.
This mailing list gets horror stories all the time from people who are for some reason using some ancient Yocto, then a customer requirement arrives that can only be satisfied through updating to a newer Yocto, or backporting a major component to the old Yocto; both impossible or nearly impossible tasks. You do not want to end up in that situation.
On Thu, 4 Jun 2020 at 10:18, <requinham@...> wrote: