On 2017-03-08 14:36, Graham Christensen wrote: > Just a heads up that the LWN Vulnerability Database we use hasn't been > updated in over a week, which means our tooling thinks there have been > zero problems. This is obviously not true. > > LWN's database provides a hugely valuable resource for us. They collect > mail from many distro's mailing lists and aggregate similar reports in > to a single entry. Each of those then will have multiple solutions and > patches that we can use to fix the issue in our distribution. This > aggregation has been a huge "force multiplier," allowing us to keep up > to date and patch almost as fast as the bigger distributions, even in > the earliest weeks of roundups where only a few people were regularly > contributing. > > If you appreciate the work we've done, I recommend subscribing to LWN as > a thank-you. > > > Remediation: > > - I've messaged LWN to ask if the database will be updated again. > - I've been researching alternative ways to get the job done: > - Other DBs with similar goals of aggregating issues and reports. > - Reviewing all the mail from oss-security > - Subscribing to and reviewing all the mail from all the distro's > that LWN watched > - other options? > > This is a tough spot to be in, and I am hoping LWN will continue. Either > way, we should likely expand our tooling to support other sources as > well. > > If anyone has any ideas or suggestions, I'm all ears :) > > Best, > Graham Christensen
Do you know how LWN aggregates the reports? Is it more of a manual process or is done automatically? > _______________________________________________ > nix-dev mailing list > nix-dev@lists.science.uu.nl > http://lists.science.uu.nl/mailman/listinfo/nix-dev _______________________________________________ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev