On Thu, 2 Apr 2009 10:59:10 +0200, Thijs Kinkhorst wrote: > On Wed, April 1, 2009 22:00, Michael S. Gilbert wrote: > > Even though it's not always daily, this is still a significant > > improvement over previous years, in which updates would occur once a week > > or less. For the CVE data updates, our security processes require manual > > steps as part of a defense-in-depth strategy. > > > > it looks like they have no intention of keeping their databases in sync > > with NVD. for me, this is strong evidence that a switch to NVD is > > necessary. > > Yes, this is a known item. I'm fairly certain that we already received > patches from, I think, Gentoo to our scripts to use NVD. Check out the > archives of this list and the secure-testing list to find them; I cannot > do a search for them now but could perhaps find some time tonight to > retrieve it.
i found the NVD scripts in secure-testing's svn, and they run, but i haven't checked whether they actually do what we expect. i will modify if need be. i will also need to tie these in to the updater, which should be fairly straightforward. mike -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
