Re: DSAs really missing from the tracker
On Wed, April 1, 2009 22:00, Michael S. Gilbert wrote:
> Even though it's not always daily, this is still a significant
> improvement over previous years, in which updates would occur once a week
> or less. For the CVE data updates, our security processes require manual
> steps as part of a defense-in-depth strategy.
>
> it looks like they have no intention of keeping their databases in sync
> with NVD. for me, this is strong evidence that a switch to NVD is
> necessary.
Yes, this is a known item. I'm fairly certain that we already received
patches from, I think, Gentoo to our scripts to use NVD. Check out the
archives of this list and the secure-testing list to find them; I cannot
do a search for them now but could perhaps find some time tonight to
retrieve it.
cheers,
Thijs
Reply to: