Consuming StX updates

Add clarification and guidance for security and patching limitations and work-arounds. Correct copy/paste error. Launchpad: 1990142 Signed-off-by: Ron Stone <ronald.stone@windriver.com> Change-Id: I97dce2e0320b4fdceb43ad128963737745ea13df
2022-10-06 08:57:38 -04:00 · 2022-10-06 08:57:38 -04:00 · 748740b0ed
commit 748740b0ed
parent 78acfe4e6f
1 changed files with 45 additions and 32 deletions
--- a/doc/source/introduction/consuming.rst
+++ b/doc/source/introduction/consuming.rst
@ -2,52 +2,65 @@
 Consuming StarlingX
 ===================

-StarlingX is ready for you to use today, however, limitations exist regarding
-what you can do with the open source software. Software features like secure
-boot and live software update are not fully enabled by the community.
+While |prod| is a ready-to-use solution, it is important to understand some
+limitations to what you can do with the open source software and |prod| 
+Community ISO builds. Software features like secure boot, live software
+update/patching and live software upgrades are not fully enabled by the
+community.

-The community does not provide signed software images, which are needed to enable
-features that depend on signed images to implement security features. Providing
-signed images is typically the responsibility of commercial vendors or the users
-themselves. Here are three ways in which you can consume StarlingX.
+*  The community does not provide signed software images, which are needed to
+   implement security features such as |UEFI| Secure Boot. Providing signed images
+   is typically the responsibility of commercial vendors or the users
+   themselves.
+   
+*  The commuity does not provide software updates/patches (i.e. for bug fixes or
+   new |CVE| vulnerabilities) to |prod| released ISOs.
+   
+*  The community does not support or test software upgrades from one |prod|
+   release to the next |prod| Release. Very often, for software upgrades to
+   work from |prod| release N (old/existing) to |prod| release N+1 (new),
+   a software-upgrade-enabling 'update/patch' is required for |prod|
+   release N. Because the |prod| community does not provide/build software
+   update patches, this patch is not available from the |prod| community,
+   and therefore software upgrades may not necessarily work and are not tested
+   by the |prod| community.
+
+Here are three ways in which you can consume |prod|.

---------------------------
 Deploy the open source code
 ---------------------------
+You can use the open source software directly. Our community partner CENGN
+provides a |prod| mirror with ready-to-run ISO images of the current |prod|
+releases and daily builds. 

-You can use the open source software directly. Our community partner CENGN provides
-a StarlingX mirror with ready to run ISO images of the current StarlingX releases and
-daily builds. View the
-`CENGN StarlingX mirror <http://mirror.starlingx.cengn.ca/mirror/starlingx/>`_.
+View the `CENGN StarlingX mirror
+<http://mirror.starlingx.cengn.ca/mirror/starlingx/>`_.

 As previously mentioned, these images are not signed and thus do not support
-secure boot or live software updates. You can also build your own images.
+secure booting. Also, as previously mentioned, live software updates may not
+necessarily work without software patches, which are not currently provided by
+the |prod| community.

-The StarlingX community recommends that users planning to deploy the open source
-software use the release images, which have been tested and validated by the
-community. Developers planning to work against the tip of the source trees
-typically use the daily builds.
+The |prod| community recommends that users planning to deploy the open source
+software use the tested and validated release images.

+Developers planning to work against the tip of the source trees typically use
+the daily builds.

-
---------------------------------------
 Deploy an internal version of StarlingX
 ---------------------------------------
+Your company can form a team to create their own version of |prod| for internal
+use. Such a team can do acceptance testing of the open source software,
+customize it as needed, sign their own internal images (to enable features such
+as |UEFI| Secure Boot), and build and deliver software updates/patches that will
+also enable testing and support of software upgrades.

-If you are part of a company, the company itself can create a team to create
-their own version of StarlingX for internal use. Such a team can do acceptance
-testing of the open source software, customize it as needed, sign their own
-internal images, and use the features in StarlingX to enable secure boot and to
-develop and deliver live software updates (patches) to their internal users.
-
-------------------------
 Deploy code from a vendor
 -------------------------
+You can consume a commercial vendor's |prod|-based product or solution. Vendors
+provide signed images and support for software updates/patches and software
+upgrades. They may also add features or content to the open source software and
+they may provide other services such as technical support.

-You can consume a commercial vendor's StarlingX-based product or solution.
-Vendors provide signed images and signed software updates. They may also add
-features or content to the open source software and they may provide other
-services such as technical support.
-
-The StarlingX community expects several vendors to provide StarlingX-based products
+The |prod| community expects several vendors to provide |prod|-based products
 and solutions. We hope to see more as our community grows.