On Wed, April 1, 2009 22:00, Michael S. Gilbert wrote: > Even though it's not always daily, this is still a significant > improvement over previous years, in which updates would occur once a week > or less. For the CVE data updates, our security processes require manual > steps as part of a defense-in-depth strategy. > > it looks like they have no intention of keeping their databases in sync > with NVD. for me, this is strong evidence that a switch to NVD is > necessary.
Yes, this is a known item. I'm fairly certain that we already received patches from, I think, Gentoo to our scripts to use NVD. Check out the archives of this list and the secure-testing list to find them; I cannot do a search for them now but could perhaps find some time tonight to retrieve it. cheers, Thijs -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
