[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: DSAs really missing from the tracker

On Wed, April 1, 2009 22:00, Michael S. Gilbert wrote:
> Even though it's not always daily, this is still a significant
> improvement over previous years, in which updates would occur once a week
> or less. For the CVE data updates, our security processes require manual
> steps as part of a defense-in-depth strategy.
>
> it looks like they have no intention of keeping their databases in sync
> with NVD.  for me, this is strong evidence that a switch to NVD is
> necessary.

Yes, this is a known item. I'm fairly certain that we already received
patches from, I think, Gentoo to our scripts to use NVD. Check out the
archives of this list and the secure-testing list to find them; I cannot
do a search for them now but could perhaps find some time tonight to
retrieve it.


cheers,
Thijs
Reply to: