Explore maintenance and security practices for Yocto Project-based distributions in this conference talk. Gain insights into best practices and potential pitfalls when following official YP branches, learn about running cve-check and SPDX generation on entire distributions, and discover experiences with the yocto-check-layer tool. Delve into real-world scenarios, including blocked updates due to regressions and decision-making processes for forking third-party layers. Examine the Oniro project, a distribution designed for product usage that follows Yocto Project LTS branches, and understand the challenges faced during implementation of quality and maintenance functions. Discover how to handle regressions, corner cases, and other issues that arise during distribution maintenance. Learn about the differences between maintenance and development, LTS support in Eclipse Oniro, layer layout, and bugfix processes. Explore maintenance improvements, including handling dangling bbappends, understanding cve-check capabilities, and addressing CVEs in the Linux kernel. Walk away with valuable takeaways to apply to your own Yocto Project-based distribution maintenance and security efforts. Read more