All of lore.kernel.org
 help / color / mirror / Atom feed
From: Dimi Tomov <dimi@tpm.dev>
To: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Cc: Buildroot Mailing List <buildroot@buildroot.org>
Subject: Re: [Buildroot] [PATCH 2/2] package/wolftpm: drop WOLFTPM_CPE_ID_VENDOR
Date: Sat, 11 Jun 2022 23:58:48 +0300	[thread overview]
Message-ID: <c9962256fbb1953ca91d02a16bf2cfe7@tpm.dev> (raw)
In-Reply-To: <CAPi7W81ydL4GF9YT4fndgthxFnhQ17yXCAugF=gqQDJ-UxYnNA@mail.gmail.com>

Hello Fabrice,

Now I understand the motivation behind your second patch. I also believe 
that there has been no CVE (yet) in wolfTPM. This patch makes sense.

Thank you for the contribution.

Dimi
-- 
Founder of TPM.dev


On 2022-06-11 11:38 PM, Fabrice Fontaine wrote:
> Le sam. 11 juin 2022 à 22:24, Dimi Tomov <dimi@tpm.dev> a écrit :
>> 
>> wolfssl[1] and wolfTPM[2] are open-source products of the same 
>> company,
>> wolfSSL Inc. [3]
>> 
>> Therefore, the wolfssl and wolftpm package share the same
>> WOLFTPM_CPE_ID_VENDOR.
>> 
>> In case that the CPE_ID_VENDOR is incorrect then this is true also for
>> the wolfssl package where the value originated.
> 
> wolfssl's CPE ID is correct as it is registered in the NVD NIST 
> database [1].
> 
> However, wolftpm product has not been registered to the NVD NIST
> database (presumably because no CVEs were found yet in wolftpm).
> So, this patch is correct.
> If you want to put back WOLFTPM_CPE_ID_VENDOR, I would advise to first
> send an email to cpe_dictionary@nist.gov [2] to register wolftpm
> product.
> 
> [1] 
> https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Awolfssl%3Awolfssl
> [2] https://nvd.nist.gov/products/cpe
>> 
>> Thank you for bringing this topic up for discussion.
>> 
>> [1] https://www.wolfssl.com/products/wolfssl/
>> [2] https://www.wolfssl.com/products/wolftpm/
>> [3] https://www.wolfssl.com/
>> 
>> Regards,
>> Dimi
>> --
>> Founder of TPM.dev
>> 
>> On 2022-06-11 05:35 PM, Fabrice Fontaine wrote:
>> > cpe:2.3:a:wolfssl:wolftpm has never been a valid CPE identifier for
>> > this
>> > package:
>> >
>> >
>> > https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Awolfssl%3Awolftpm
>> >
>> > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
>> > ---
>> >  package/wolftpm/wolftpm.mk | 1 -
>> >  1 file changed, 1 deletion(-)
>> >
>> > diff --git a/package/wolftpm/wolftpm.mk b/package/wolftpm/wolftpm.mk
>> > index f0cf0df0d3..042ccd22e1 100644
>> > --- a/package/wolftpm/wolftpm.mk
>> > +++ b/package/wolftpm/wolftpm.mk
>> > @@ -9,7 +9,6 @@ WOLFTPM_SITE = $(call
>> > github,wolfSSL,wolfTPM,v$(WOLFTPM_VERSION))
>> >  WOLFTPM_INSTALL_STAGING = YES
>> >  WOLFTPM_LICENSE = GPL-2.0+
>> >  WOLFTPM_LICENSE_FILES = LICENSE
>> > -WOLFTPM_CPE_ID_VENDOR = wolfssl
>> >  WOLFTPM_CONFIG_SCRIPTS = wolftpm-config
>> >
>> >  # wolfTPM's source code is released without a configure script,
> Best Regards,
> 
> Fabrice

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

  reply	other threads:[~2022-06-11 20:59 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-06-11 14:35 [Buildroot] [PATCH 1/2] package/wolftpm: fix dependencies Fabrice Fontaine
2022-06-11 14:35 ` [Buildroot] [PATCH 2/2] package/wolftpm: drop WOLFTPM_CPE_ID_VENDOR Fabrice Fontaine
2022-06-11 20:24   ` Dimi Tomov
2022-06-11 20:38     ` Fabrice Fontaine
2022-06-11 20:58       ` Dimi Tomov [this message]
2022-06-11 20:19 ` [Buildroot] [PATCH 1/2] package/wolftpm: fix dependencies Dimi Tomov
2022-06-11 21:24   ` Fabrice Fontaine
2022-06-12  4:13     ` Dimi Tomov
2022-06-12  8:44       ` Fabrice Fontaine

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=c9962256fbb1953ca91d02a16bf2cfe7@tpm.dev \
    --to=dimi@tpm.dev \
    --cc=buildroot@buildroot.org \
    --cc=fontaine.fabrice@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.