FYI NVD legacy feeds are deprecated
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hi,
I was poking around at the scripts at
https://salsa.debian.org/security-tracker-team/security-tracker and I
noticed you're consuming the NVD's legacy JSON feeds.
I wanted to make sure you're aware of deprecation and upcoming removal per
https://nvd.nist.gov/General/News/change-timeline
My day job involves working on OSV[1], and I'm planning on getting in touch
soon to discuss if the OSV schema[2] would be useful to publish natively
along with your existing DSAs. I'm first taking the time to school myself
on how things currently operate before popping out of the blue with a
proposal.
I only recently learned of the deprecation myself, and it's required some
course correction in how we're ingesting data from the NVD.
regards
Andrew
[1]https://osv.dev
[2]https://ossf.github.io/osv-schema/
-----BEGIN PGP SIGNATURE-----
Version: FlowCrypt Email Encryption 8.3.8
Comment: Seamlessly send and receive encrypted email
wsFzBAEBCgAGBQJjRmVRACEJEFHf2Ts++3nvFiEEW3Akls+mpQcjnC15Ud/Z
Oz77ee9wEw//fYsIKp4bGCVfS5PuT1Q1jFl81SB/wKdCKZSbgyqnabsQwa3K
DVvBpcRexWIKRKY3UpFyUxJ1d5Eyvj3dlEr0EPTEziaB5pqmbRB+f2dOXXAt
rKZLOjFKyfYKPCBLslURIgday6O7dF4VFXOthPDWfB2hXwYg3bAMgyl6Knmp
PI7fB8Y0wa9LMbTosoMUB4k5VOWTjbO8g2WSxqNcdEbA4ACCln0A4xnJFkHM
YytzJy2FkFYb69h4uM83NykwxtuYQUcLFamYY2UuNW93B1mqF8P7xQrbw0ke
QhfjcKzWeHiXrhEVdGLAr03aRYpoHK7IQr6BAPUTL10JRjfVuYiniM4Y30Kx
Zb1MvuiUSbJvok6BtnN9R5KN1dgBG76j+XgxlAwn4oLyjTDs8TShdWhU0oDN
51YjPDfat+MjKLcJKU7WGGQk0Mj9/GbqkRiWUMuTzh8Q1IrRLXsthKpQ/Bst
x7griqdzjNGPvPdpVRlvh6ashA9tSgSnoVw2B+an71QEjpds2L+AG+N7IlVs
MgzWhm/qsd/3QHwAiKqpIhBlonrYlaG9ZNrqFZIJV2nkKUdzmdsl2JWCrkjw
X+2U6+emyxtEfd/UrjpQfAItF+0vID4QWUu2LSqZwMCTUyuQ5EPp5LBPW2lA
TpipCgkdCsw+jM+QB8+zcAL95tpOdH7zNgc=
=qfRx
-----END PGP SIGNATURE-----
Reply to: