Hello,

This one is simple. cve-update-db-native is starting from 2002, while cve-update-nvd2-native starts from the beginning of the database, so 1999. We might unify this, but I do not consider it a priority.

Kind regards,
Marta

On Wed, Jan 15, 2025 at 1:23 PM Ross Burton <[email protected]> wrote:
> Hi,
>
> Also I ran the scanner against core-image-sato for each of the feeds and
> interestingly nvd2 was the only one to report CVE-1999-0524. Do you have
> any idea why this might be?
>
> That said, a fetch taking a minute or so instead of almost an hour is a
> great improvement!
>
> Cheers,
> Ross
>
>
> On 14 Jan 2025, at 17:54, Ross Burton via lists.openembedded.org
> <[email protected]> wrote:
> >
> > On 24 Dec 2024, at 10:25, Marta Rybczynska via lists.openembedded.org
> <[email protected]> wrote:
> >
> > There’s an inconsistency:
> >
> >> Set the NVD_DB_VERSION variable to choose feed:
> >> NVD2 (default) - the NVD feed with API version 2
> >> NVD1 - the NVD JSON feed (deprecated)
> >> FKIE - the FKIE-CAD feed reconstruction
> >
> > “NVD1”
> >
> >> +# Possible database sources: NVD1, NVD2, FKIE
> >> +NVD_DB_VERSION ?= "NVD2"
> >
> > “NVD1”
> >
> >> + if nvd_database_type not in ("NVD", "NVD2", "FKIE”):
> >
> > “NVD”
> >
> > I’m thinking “NVD1” should be used everywhere.
> >
> > If you set it as the documentation says then every recipe throws a
> warning, which is quite the pastebomb. Might be better to make it
> bb.fatal() and tell the user to fix their typo?
> >
> > Ross
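
Review bot: the membership test on `nvd_database_type` accepts "NVD", while the help text and the `# Possible database sources: NVD1, NVD2, FKIE` comment both name the value NVD1, so the documented setting is rejected by the check. Make the tuple entry "NVD1" so all three places agree. The tuple's last element, as quoted here, also closes with a typographic quote (`"FKIE”`); confirm the applied patch uses a straight quote there.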
