Hello all, The NVD has published an official status as promised at VulnCon: https://nvd.nist.gov/general/news/nvd-program-transition-announcement
This does not include much more information. NVD manager was presenting at VulnCon, but without clear details on the way forward. They are not stopping, but this is not sure when the analysis will be back (they do the CPE and CVSS analysis plus handling emails that are apparently in big numbers). Until there is a solution around NVD, I propose that we run a weekly bulletin of which packages require update for our various branches, taking from the CVE data, oss-security and other sources. If there are more volunteers, we can do it more frequently. This is important work and I would prefer not to be the only one doing this :) Let's discuss tomorrow during the call. Regards, Marta
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#1983): https://lists.openembedded.org/g/openembedded-architecture/message/1983 Mute This Topic: https://lists.openembedded.org/mt/105274401/21656 Group Owner: openembedded-architecture+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-architecture/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
