From: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
To: buildroot@busybox.net
Subject: [Buildroot] [NEXT 00/26] Package CVE Reporting
Date: Tue, 27 Feb 2018 22:37:48 +0100 [thread overview]
Message-ID: <20180227223748.5c65e492@windsurf.lan> (raw)
In-Reply-To: <1519697441-54194-1-git-send-email-matthew.weber@rockwellcollins.com>
Hello,
On Mon, 26 Feb 2018 20:10:15 -0600, Matt Weber wrote:
> This series adds new infrastructure to report
> a packages CPE identifier in a similar way
> that the legal info is currently reported.
>
> The addition of CPE IDs to the packages is a
> manual process, but in a later patchset
> additions are planned to the pkg-stats script
> to automate maintenance the process.
Thanks for working on this and coming up with a proposal!
While I'm fine with the package annotations, I am not yet sure that a
"make cpe-info" is what we want here.
In particular, I'm thinking about the interaction with pkg-stats, and
the work I've done to make pkg-stats query release-monitoring.org to
check for new upstream versions. Ideally, pkg-stats should also query
the CPE information and add it to its report.
For now, pkg-stats reports about all packages in Buildroot, but I'm
hoping to improve that and make it possible for pkg-stats to only
generate a report about the list of packages selected in the current
Buildroot configuration.
So I don't have a very clear cut answer, but I see some overlap between
cpe-info and pkg-stats, and I'd like to have a common view on what is
the mid/long-term direction we want to take.
Thomas
--
Thomas Petazzoni, CTO, Bootlin (formerly Free Electrons)
Embedded Linux and Kernel engineering
http://bootlin.com
next prev parent reply other threads:[~2018-02-27 21:37 UTC|newest]
Thread overview: 52+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-02-27 2:10 [Buildroot] [NEXT 00/26] Package CVE Reporting Matt Weber
2018-02-27 2:10 ` [Buildroot] [NEXT 01/26] cpe-info: new make target Matt Weber
2018-02-27 21:40 ` Thomas Petazzoni
2018-02-28 4:30 ` Matthew Weber
2018-03-01 20:21 ` Arnout Vandecappelle
2018-02-27 2:10 ` [Buildroot] [NEXT 02/26] cpe-info: update manual for new pkg vars Matt Weber
2018-02-27 21:43 ` Thomas Petazzoni
2018-02-28 4:22 ` Matthew Weber
2018-02-27 2:10 ` [Buildroot] [NEXT 03/26] cpe-info: id prefix/suffix Matt Weber
2018-02-27 21:45 ` Thomas Petazzoni
2018-02-28 4:14 ` Matthew Weber
2018-03-01 20:34 ` Arnout Vandecappelle
2018-03-03 3:01 ` Matthew Weber
2018-03-01 20:32 ` Arnout Vandecappelle
2018-02-27 2:10 ` [Buildroot] [NEXT 04/26] cpe-info: only report target pkgs Matt Weber
2018-02-27 21:45 ` Thomas Petazzoni
2018-02-28 4:13 ` Matthew Weber
2018-02-27 2:10 ` [Buildroot] [NEXT 05/26] bash: add CPE id Matt Weber
2018-02-27 2:10 ` [Buildroot] [NEXT 06/26] boa: " Matt Weber
2018-02-27 22:17 ` Thomas Petazzoni
2018-02-28 4:00 ` Matthew Weber
2018-02-28 6:38 ` Thomas Petazzoni
2018-03-01 20:47 ` Arnout Vandecappelle
2018-03-01 22:55 ` Matthew Weber
2018-03-02 8:19 ` Arnout Vandecappelle
2018-03-02 9:49 ` Thomas Petazzoni
2018-03-02 16:14 ` Matthew Weber
2018-02-27 2:10 ` [Buildroot] [NEXT 07/26] boost: " Matt Weber
2018-02-27 2:10 ` [Buildroot] [NEXT 08/26] busybox: " Matt Weber
2018-02-27 2:10 ` [Buildroot] [NEXT 09/26] bzip2: " Matt Weber
2018-02-27 2:10 ` [Buildroot] [NEXT 10/26] dhcp: " Matt Weber
2018-02-27 2:10 ` [Buildroot] [NEXT 11/26] e2fsprogs: " Matt Weber
2018-02-27 2:10 ` [Buildroot] [NEXT 12/26] gdb: " Matt Weber
2018-02-27 2:10 ` [Buildroot] [NEXT 13/26] glibc: " Matt Weber
2018-02-27 2:10 ` [Buildroot] [NEXT 14/26] gnupg: " Matt Weber
2018-02-27 2:10 ` [Buildroot] [NEXT 15/26] gzip: " Matt Weber
2018-02-27 2:10 ` [Buildroot] [NEXT 16/26] iproute2: " Matt Weber
2018-02-27 2:10 ` [Buildroot] [NEXT 17/26] libgcrypt: " Matt Weber
2018-02-27 2:10 ` [Buildroot] [NEXT 18/26] libopenssl: " Matt Weber
2018-02-27 2:10 ` [Buildroot] [NEXT 19/26] libzlib: " Matt Weber
2018-02-27 2:10 ` [Buildroot] [NEXT 20/26] linux: " Matt Weber
2018-02-27 22:18 ` Thomas Petazzoni
2018-02-28 4:12 ` Matthew Weber
2018-03-02 9:55 ` Thomas Petazzoni
2018-02-27 2:10 ` [Buildroot] [NEXT 21/26] linux-headers: " Matt Weber
2018-02-27 2:10 ` [Buildroot] [NEXT 22/26] openssh: " Matt Weber
2018-02-27 2:10 ` [Buildroot] [NEXT 23/26] rsyslog: " Matt Weber
2018-02-27 2:10 ` [Buildroot] [NEXT 24/26] tcpdump: " Matt Weber
2018-02-27 2:10 ` [Buildroot] [NEXT 25/26] util-linux: " Matt Weber
2018-02-27 2:10 ` [Buildroot] [NEXT 26/26] xerces: " Matt Weber
2018-02-27 21:37 ` Thomas Petazzoni [this message]
2018-02-28 4:42 ` [Buildroot] [NEXT 00/26] Package CVE Reporting Matthew Weber
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180227223748.5c65e492@windsurf.lan \
--to=thomas.petazzoni@bootlin.com \
--cc=buildroot@busybox.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox