I think that LTS is something that you would usually go to one of the many "for 
hire" software houses that are part of the yocto community. ... or you have to 
do it yourself.

These are usually based on a subscription model of support for distros as 
supported by the vendor.

Just my opinion, new yocto releases with everything at the bleeding edge is 
like a commodity product.  Having a release maintained with all the CVEs and 
critical bug fixes is a value add.

For example, a router you buy at a computer store is a commodity product, but a 
gateway product designed to operate inside a vehicle environment is a value add.

Anyone whose business model depends on such higher bar of quality, should be 
prepared to pay at least a share of the cost it would take to DIY.

You aren't so much paying for a specific snapshot (as technically you can get 
it for free under terms of most FOS licenses), but you are paying for a dynamic 
feed, and a model of synchronizing your work with such a feed.

I spend a certain amount of time applying CVE fixes to packages, and in some 
cases I even upgrade the version.  I try to keep this separate from what the 
team uses to customize the distro for our application using layers and 
bbappends. Still people sometimes take shortcuts, modifying a bbappend (or bb) 
in the wrong layer and then they wonder why their change got abandoned during 
an upgrade.

It takes a fair amount of effort to keep on top of this.  In the end, each 
organization must take ownership for quality.  This not something you can 
abdicate even to the best of value add vendors.

That said, maybe there are some better ways of partnering that can be explored.




Darcy Watkins
Staff Engineer, Firmware
Sierra Wireless

On Nov 6, 2016, at 7:35 AM, Vuille, Martin (Martin) 
<vmar...@avaya.com<mailto:vmar...@avaya.com>> wrote:

Has there ever been any discussion of making select releases
“Long Term Support” releases, i.e., committing to support them
for a number of years?

Presumably that would entail having the resources to commit
a maintainer to that release for the LTS interval.

Out of curiosity, how much effort is required (on average) to
maintain a non-current release with at least CVEs and maybe
critical bug fixes from upstream?

yocto mailing list
yocto mailing list

Reply via email to