Hi Marta, On 31 May 2024, at 15:06, Marta Rybczynska via lists.yoctoproject.org <[email protected]> wrote: > > How to use: > 1. Download the database to use: > - for NVD, use cve-update-nvd2-native.py > - for the CVE database, get the CVEv5 git repository: either the upsteam one > at https://github.com/CVEProject/cvelistV5 or the one with OE-related fixes > at https://github.com/mrybczyn/cvelistV5-overrides (recommended)
This is the biggest issue that’s bothering me right now - the need for a fork. Would it be possible to load the canonical cvelist and then augment it with extra data (using the Authorized Data Publisher schema?) from another repository that just contains that extra data? Having a fork of cvelistV5 and having to rebase it feels like it will lead to problems and be fragile. Cheers Ross
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#201023): https://lists.openembedded.org/g/openembedded-core/message/201023 Mute This Topic: https://lists.openembedded.org/mt/106798238/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
