Yocto vs Ubuntu Core: maintenance

Given the ongoing investment in expensive kernel engineers, manufacturers often opt to go to production with a Yocto-based system but soon realise they are on their own regarding security and upgrades. The maintenance effort and management of variants prove to be unexpected pain points they hadn’t factored in. Manually maintaining a Yocto-based image for an embedded device is arguably a frustrating, ongoing activity distracting enterprises from their core business objectives.

Also, as different Yocto vendors are not compatible and every image needs to be independently maintained, companies require substantial expertise and skilled kernel engineers in-house for the management of variants and maintenance efforts not to turn into a failed product.

On the other hand, Canonical supports and provides security updates to the base OS, critical software packages and the infrastructure components of Ubuntu Core. The kernel team carefully maintains all Ubuntu kernels and their variants. Via rigorous management of all Linux kernel CVE lists, review and application of all relevant patches for critical kernel defects in the mailing lists, and rigorously testing newly updated kernels end-to-end each SRU cycle, your embedded Linux project is now as secure as your servers.

Ubuntu Core achieves high kernel reliability through a thoughtful design process, a skilled engineering team, and volume of use in production. While most are familiar with design and engineering, volume and diversity of implementation are perhaps even more noteworthy. The more enterprises and developers rely on it, the more the Ubuntu Linux kernel is rigorously tested, refined, and improved. As most production workloads run on Ubuntu, the Ubuntu kernel is arguably the most production tested kernel in the Linux landscape.


All very true but you are forgetting the majority of IoT companies don’t bother with updates as it’s just too expensive to be competitive in the IoT. Sorry that is the state of competition in the IoT world.

My customer is demanding code scans and router real-time detection of any phone home. They also have zero interest in any updates regardless as it is just costly for really cheap IoT devices. Rebuilding from Ubuntu source and removing any resignation/call back code is too much work as it’s easier to just build from minimal Buildroot and only add exactly what is needed.


Agree. Most customers do not really care about maintenance. Actually, they do not know if their products can survive after a year.

@jjliu @thetick Fair point. I would argue I am not referring to just any manufacturer of tightly embedded devices. For one, HW enablement and a model based on updates will not be cheap, particularly if we’re talking about large-scale deployments. So the consumers must have the resources to afford such a solution. But if they do have a reputation for security, constant updates and maintaining their devices, that’s exactly what they care about and the top priority for them. This may exclude the small entrepreneur trying to get a startup off the ground in the low-end IoT space.