Re: FYI NVD legacy feeds are deprecated

To: Andrew Pollock <apollock@debian.org>
Cc: debian-security-tracker@lists.debian.org
Subject: Re: FYI NVD legacy feeds are deprecated
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Wed, 12 Oct 2022 10:00:35 +0200
Message-id: <[🔎] Y0Z0I42nkRtc8piw@eldamar.lan>
Mail-followup-to: Andrew Pollock <apollock@debian.org>, debian-security-tracker@lists.debian.org
In-reply-to: <[🔎] CA+qKYnR7X-621kscDBy40JWu4UiUrc2xatFo+D4qGUx3beK=8Q@mail.gmail.com>
References: <[🔎] CA+qKYnR7X-621kscDBy40JWu4UiUrc2xatFo+D4qGUx3beK=8Q@mail.gmail.com>

Hi,

On Tue, Oct 11, 2022 at 11:57:23PM -0700, Andrew Pollock wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
> 
> Hi,
> 
> I was poking around at the scripts at
> https://salsa.debian.org/security-tracker-team/security-tracker and I
> noticed you're consuming the NVD's legacy JSON feeds.
> 
> I wanted to make sure you're aware of deprecation and upcoming removal per
> https://nvd.nist.gov/General/News/change-timeline
> 
> My day job involves working on OSV[1], and I'm planning on getting in touch
> soon to discuss if the OSV schema[2] would be useful to publish natively
> along with your existing DSAs. I'm first taking the time to school myself
> on how things currently operate before popping out of the blue with a
> proposal.
> 
> I only recently learned of the deprecation myself, and it's required some
> course correction in how we're ingesting data from the NVD.

Actually we do not use to dislay NVD severities anymore (they are
quite useless in our context) and should remove them as well where
remaining as well from the rest of the tracker.

Thank you.

Regards,
Salvatore

Reply to:

References:
- FYI NVD legacy feeds are deprecated
  - From: Andrew Pollock <apollock@debian.org>

Prev by Date: FYI NVD legacy feeds are deprecated
Next by Date: External check
Previous by thread: FYI NVD legacy feeds are deprecated
Next by thread: Postgresql-13 - CVE-2022-2625 - Difference between security-tracker and changelog
Index(es):
- Date
- Thread