Hi, When working on CVEs, I often query the security-tracker git to better understand the issue, including checking how recent it is, or finding explanatory commit messages. Due to git-blame (and git in general) not handling 20MB+ files well, and inconsistent commit practices, this can be time-consuming. I recently experimented with rewriting+updating the Git history to make this information more directly accessible -- here's my current result! https://salsa.debian.org/beuc/cvehist (`gitk 2020/4050` screenshot attached) This can also help to check the feasibility of CVE reactivity analysis which we discussed in the previous meeting. To make the initial export complete in reasonable time (17h with a filter implemented in C) and have the result shareable on salsa, I optimized several things, in particular dropped empty NOT-FOR-US/RESERVED/REJECTED entries (80% of data/CVE/list). I'd welcome your feedback, what do you think? Cheers! Sylvain
Attachment:
cvehist-gitk.png
Description: PNG image