Re: DSAs really missing from the tracker
On Thu, 2 Apr 2009 10:59:10 +0200, Thijs Kinkhorst wrote:
> On Wed, April 1, 2009 22:00, Michael S. Gilbert wrote:
> > Even though it's not always daily, this is still a significant
> > improvement over previous years, in which updates would occur once a week
> > or less. For the CVE data updates, our security processes require manual
> > steps as part of a defense-in-depth strategy.
> >
> > it looks like they have no intention of keeping their databases in sync
> > with NVD. for me, this is strong evidence that a switch to NVD is
> > necessary.
>
> Yes, this is a known item. I'm fairly certain that we already received
> patches from, I think, Gentoo to our scripts to use NVD. Check out the
> archives of this list and the secure-testing list to find them; I cannot
> do a search for them now but could perhaps find some time tonight to
> retrieve it.
i found the NVD scripts in secure-testing's svn, and they run, but
i haven't checked whether they actually do what we expect. i will
modify if need be. i will also need to tie these in to the updater,
which should be fairly straightforward.
mike
Reply to: