From 5ad2c488097e7ee01a77d2b6eb4a5a5b60f6f081 Mon Sep 17 00:00:00 2001
From: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
Date: Mon, 25 Nov 2024 17:48:13 +0100
Subject: [PATCH] Add SECURITY.md file as required now by upstream

YP now requires this file to be present. Add it.

Bug-AGL: SPEC-5309
Change-Id: I11aee7f62e85e35298aad47e5daeee16b0026ab0
Signed-off-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl/+/30549
ci-image-build: Jenkins Job builder account
ci-image-boot-test: Jenkins Job builder account
Tested-by: Jenkins Job builder account
---
 meta-agl-bsp/SECURITY.md       | 19 +++++++++++++++++++
 meta-agl-core/SECURITY.md      | 19 +++++++++++++++++++
 meta-agl-flutter/SECURITY.md   | 19 +++++++++++++++++++
 meta-agl-kuksa-val/SECURITY.md | 19 +++++++++++++++++++
 meta-app-framework/SECURITY.md | 19 +++++++++++++++++++
 meta-netboot/SECURITY.md       | 19 +++++++++++++++++++
 meta-pipewire/SECURITY.md      | 19 +++++++++++++++++++
 7 files changed, 133 insertions(+)
 create mode 100644 meta-agl-bsp/SECURITY.md
 create mode 100644 meta-agl-core/SECURITY.md
 create mode 100644 meta-agl-flutter/SECURITY.md
 create mode 100644 meta-agl-kuksa-val/SECURITY.md
 create mode 100644 meta-app-framework/SECURITY.md
 create mode 100644 meta-netboot/SECURITY.md
 create mode 100644 meta-pipewire/SECURITY.md

diff --git a/meta-agl-bsp/SECURITY.md b/meta-agl-bsp/SECURITY.md
new file mode 100644
index 000000000..a3c80fdd3
--- /dev/null
+++ b/meta-agl-bsp/SECURITY.md
@@ -0,0 +1,19 @@
+How to Report a Potential Vulnerability?
+========================================
+
+If you would like to report a public issue (for example, one with a released
+CVE number), please report it to security AT automotivelinux DOT org 
+
+If you are dealing with a not-yet released or urgent issue, please send a
+message to security AT automotivelinux DOT org, including as many details as
+possible: the layer or software module affected, the recipe and its version,
+and any example code, if available.
+
+Branches maintained with security fixes
+---------------------------------------
+
+See [https://wiki.automotivelinux.org/schedule this page]
+for detailed info regarding the policies and maintenance of Stable branches.
+
+The [https://wiki.automotivelinux.org/agl-distro/release-notes Release page]
+contains a list of all releases of Automotive Grade Linux.
diff --git a/meta-agl-core/SECURITY.md b/meta-agl-core/SECURITY.md
new file mode 100644
index 000000000..a3c80fdd3
--- /dev/null
+++ b/meta-agl-core/SECURITY.md
@@ -0,0 +1,19 @@
+How to Report a Potential Vulnerability?
+========================================
+
+If you would like to report a public issue (for example, one with a released
+CVE number), please report it to security AT automotivelinux DOT org 
+
+If you are dealing with a not-yet released or urgent issue, please send a
+message to security AT automotivelinux DOT org, including as many details as
+possible: the layer or software module affected, the recipe and its version,
+and any example code, if available.
+
+Branches maintained with security fixes
+---------------------------------------
+
+See [https://wiki.automotivelinux.org/schedule this page]
+for detailed info regarding the policies and maintenance of Stable branches.
+
+The [https://wiki.automotivelinux.org/agl-distro/release-notes Release page]
+contains a list of all releases of Automotive Grade Linux.
diff --git a/meta-agl-flutter/SECURITY.md b/meta-agl-flutter/SECURITY.md
new file mode 100644
index 000000000..a3c80fdd3
--- /dev/null
+++ b/meta-agl-flutter/SECURITY.md
@@ -0,0 +1,19 @@
+How to Report a Potential Vulnerability?
+========================================
+
+If you would like to report a public issue (for example, one with a released
+CVE number), please report it to security AT automotivelinux DOT org 
+
+If you are dealing with a not-yet released or urgent issue, please send a
+message to security AT automotivelinux DOT org, including as many details as
+possible: the layer or software module affected, the recipe and its version,
+and any example code, if available.
+
+Branches maintained with security fixes
+---------------------------------------
+
+See [https://wiki.automotivelinux.org/schedule this page]
+for detailed info regarding the policies and maintenance of Stable branches.
+
+The [https://wiki.automotivelinux.org/agl-distro/release-notes Release page]
+contains a list of all releases of Automotive Grade Linux.
diff --git a/meta-agl-kuksa-val/SECURITY.md b/meta-agl-kuksa-val/SECURITY.md
new file mode 100644
index 000000000..a3c80fdd3
--- /dev/null
+++ b/meta-agl-kuksa-val/SECURITY.md
@@ -0,0 +1,19 @@
+How to Report a Potential Vulnerability?
+========================================
+
+If you would like to report a public issue (for example, one with a released
+CVE number), please report it to security AT automotivelinux DOT org 
+
+If you are dealing with a not-yet released or urgent issue, please send a
+message to security AT automotivelinux DOT org, including as many details as
+possible: the layer or software module affected, the recipe and its version,
+and any example code, if available.
+
+Branches maintained with security fixes
+---------------------------------------
+
+See [https://wiki.automotivelinux.org/schedule this page]
+for detailed info regarding the policies and maintenance of Stable branches.
+
+The [https://wiki.automotivelinux.org/agl-distro/release-notes Release page]
+contains a list of all releases of Automotive Grade Linux.
diff --git a/meta-app-framework/SECURITY.md b/meta-app-framework/SECURITY.md
new file mode 100644
index 000000000..a3c80fdd3
--- /dev/null
+++ b/meta-app-framework/SECURITY.md
@@ -0,0 +1,19 @@
+How to Report a Potential Vulnerability?
+========================================
+
+If you would like to report a public issue (for example, one with a released
+CVE number), please report it to security AT automotivelinux DOT org 
+
+If you are dealing with a not-yet released or urgent issue, please send a
+message to security AT automotivelinux DOT org, including as many details as
+possible: the layer or software module affected, the recipe and its version,
+and any example code, if available.
+
+Branches maintained with security fixes
+---------------------------------------
+
+See [https://wiki.automotivelinux.org/schedule this page]
+for detailed info regarding the policies and maintenance of Stable branches.
+
+The [https://wiki.automotivelinux.org/agl-distro/release-notes Release page]
+contains a list of all releases of Automotive Grade Linux.
diff --git a/meta-netboot/SECURITY.md b/meta-netboot/SECURITY.md
new file mode 100644
index 000000000..a3c80fdd3
--- /dev/null
+++ b/meta-netboot/SECURITY.md
@@ -0,0 +1,19 @@
+How to Report a Potential Vulnerability?
+========================================
+
+If you would like to report a public issue (for example, one with a released
+CVE number), please report it to security AT automotivelinux DOT org 
+
+If you are dealing with a not-yet released or urgent issue, please send a
+message to security AT automotivelinux DOT org, including as many details as
+possible: the layer or software module affected, the recipe and its version,
+and any example code, if available.
+
+Branches maintained with security fixes
+---------------------------------------
+
+See [https://wiki.automotivelinux.org/schedule this page]
+for detailed info regarding the policies and maintenance of Stable branches.
+
+The [https://wiki.automotivelinux.org/agl-distro/release-notes Release page]
+contains a list of all releases of Automotive Grade Linux.
diff --git a/meta-pipewire/SECURITY.md b/meta-pipewire/SECURITY.md
new file mode 100644
index 000000000..a3c80fdd3
--- /dev/null
+++ b/meta-pipewire/SECURITY.md
@@ -0,0 +1,19 @@
+How to Report a Potential Vulnerability?
+========================================
+
+If you would like to report a public issue (for example, one with a released
+CVE number), please report it to security AT automotivelinux DOT org 
+
+If you are dealing with a not-yet released or urgent issue, please send a
+message to security AT automotivelinux DOT org, including as many details as
+possible: the layer or software module affected, the recipe and its version,
+and any example code, if available.
+
+Branches maintained with security fixes
+---------------------------------------
+
+See [https://wiki.automotivelinux.org/schedule this page]
+for detailed info regarding the policies and maintenance of Stable branches.
+
+The [https://wiki.automotivelinux.org/agl-distro/release-notes Release page]
+contains a list of all releases of Automotive Grade Linux.
-- 
2.16.6