As every six months for the last two years, a new virtual edition of the Yocto Project Summit is coming, and its schedule has been announced.
This summit will be over 3 days:
- Tuesday, November 29
Two tracks in parallel, a beginner track and a “hands-on” track for people already familiar with the concepts.
- Wednesday, November 30
Only one track, with intermediate level talks on all kinds of topics.
- Thursday, December 1
Only one track, starting with “product showcase” talks and going on with intermediate level talks on various topics too.
Last but not least, at the end of each day, you will get a chance to hangout with other contributors and users, and ask all the questions that you may have.
Bootlin is proud to contribute one talk to this summit: Bitbaking SPDX SBoM which we will prepare and present. This talk will cover one of the topics we explored to document features of the Yocto Project which had no documentation yet. SPDX and SBoM are related to software supply chain security, vulnerability management and license compliance. These are hot topics these days, and there will be another presentation about SBoMs (SBoMs and Supply Chain with the Yocto Project by Joshua Watt), and two about security (Detecting and fixing CVE security issues in yocto based embedded Linux distribution by Mikko Rapeli, and Maintenance and Security of a Yocto Project-based Distribution: A Year of Experiences by Marta Rybczynska).
Bootlin is indeed involved in the Yocto Project by maintaining its documentation (see the active contributors through the git repository), and also a participant to the Yocto SWAT team, keeping track of all the issues encountered by the autobuilder machines and runs.
Though the Yocto Project and OpenEmbedded are Open Source projects, registration for this conference is not free but just costs 40 USD, to cover infrastructure and staffing costs, the event being hosted by the Linux Foundation.