[Secure-testing-commits] r15974 - in data: . CPE
Michael Gilbert
michael.s.gilbert at gmail.com
Wed Jan 26 21:37:46 UTC 2011
On Wed, 26 Jan 2011 22:05:09 +0100, Petter Reinholdtsen wrote:
> [Michael Gilbert]
> > Is this the best way to do this? Would it be better for this info
> > to be declared in package control files so it can be automatically
> > aggregated when changes happen? Otherwise, this file is bound to
> > get outdated.
>
> As I said on debian-devel@, I suspect adding it to debian/control in
> each package is a good idea, but saw no point in waiting for that to
> happen before testing the idea of comparing NVD and the Debian CVE
> list.
>
> When the file is outdated, we can hopefully generate it from the
> control files in the archive. :)
OK, seems logical. Just curious, how did you generate this initial
cross-reference? Was it automated, and are you sure that its 100%
accurate?
Also, is there any value in including packages that don't have a CPE
yet?
Best wishes,
Mike
More information about the Secure-testing-commits
mailing list