> On 19. Jun 2018, at 23:15, Jason H <jh...@gmx.com> wrote: > > > >> Sent: Tuesday, June 19, 2018 at 4:50 PM >> From: "Thiago Macieira" <thiago.macie...@intel.com> >> To: development@qt-project.org >> Subject: Re: [Development] Monitoring of upstream vulnerabilities >> >> On Tuesday, 19 June 2018 13:15:18 PDT Jason H wrote: >>>> Currently, we use https://github.com/clearlinux/cve-check-tool. This is >>>> going to be replaced with CVEMAN - >>>> https://github.intel.com/kcwells/cveman. Both tools consume the feed from >>>> the National Vulnerability Database from the US NIST - >>>> https://nvd.nist.gov/. >>> >>> Is that intel server publicly accessible? >> >> The dashboard the tool produces isn't, but I also don't see why you'd want >> that. It's not applicable to Qt. The only people who would want access to it >> are the people who are working on the distribution and will apply the >> patches. > > !? > > The first link is a publicly accessible project. I thought you were referring > to a replacement project. I wanted to see what CVEMAN was, why it was better, > etc., (having never hard of it before) and see if it was something I might be > interested in. But if it's not publicly accessible I wonder how open Qt is if > we can't use all the tools Qt does. It could be valid that I don't need to > worry, but how does the bind Qt to a private tool? > > I don't want to make a mountain out of a mole hill, but with all the > transparency in Qt, I just expected it to be accessible is all.
These tools are currently not used for Qt. Thiago is talking about "what we use in Clear Linux”, where “we” has nothing to do with the Qt Project. -- Eike Ziller Principal Software Engineer The Qt Company GmbH Rudower Chaussee 13 D-12489 Berlin eike.zil...@qt.io http://qt.io Geschäftsführer: Mika Pälsi, Juha Varelius, Mika Harjuaho Sitz der Gesellschaft: Berlin, Registergericht: Amtsgericht Charlottenburg, HRB 144331 B _______________________________________________ Development mailing list Development@qt-project.org http://lists.qt-project.org/mailman/listinfo/development
