Re: [OE-core] [RFC]] cve-update-nvd2-native: new CVE database fetcher
On 14 Mar 2023, at 14:24, Marta Rybczynska wrote: > On Fri, Feb 24, 2023 at 5:16 PM Marta Rybczynska wrote: > Add new fetcher for the NVD database using the 2.0 API [1]. > The implementation changes as little as possible, keeping the current > database format (but using a different database file for the transition > period), with a notable exception of not using the META table. > > Minor changes that could be visible: > - the database starts in 1999 instead of 2002 > - the complete fetch is longer (30 minutes typically) > > > Tests VERY MUCH welcome, I have found some bugs today still. > > Docs (with a mandatory note according to the terms of use) will come with v2. > > For the swap between v1 and v2 I'm not sure what will be the best solution: > - a configuration option allows to migrate when the user decides to do so > - ... but does not protect the day they disconnect the feed > What do you think? > > > Still interested in your opinions on this. Currently I'm investigating some > differences between > both fetchers. Sorry, I utterly failed to actually reply. I did some basic code review and had some tweaks, and grumbled at the performance of NIST’s servers… I’m in meetings for the rest of today but I’ll actually write my reply tomorrow. Ross -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#178495): https://lists.openembedded.org/g/openembedded-core/message/178495 Mute This Topic: https://lists.openembedded.org/mt/97209064/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [RFC]] cve-update-nvd2-native: new CVE database fetcher
On Fri, Feb 24, 2023 at 5:22 PM Marta Rybczynska via lists.openembedded.org wrote: > > > On Fri, Feb 24, 2023 at 5:16 PM Marta Rybczynska > wrote: > >> Add new fetcher for the NVD database using the 2.0 API [1]. >> The implementation changes as little as possible, keeping the current >> database format (but using a different database file for the transition >> period), with a notable exception of not using the META table. >> >> Minor changes that could be visible: >> - the database starts in 1999 instead of 2002 >> - the complete fetch is longer (30 minutes typically) >> >> > Tests VERY MUCH welcome, I have found some bugs today still. > > Docs (with a mandatory note according to the terms of use) will come with > v2. > > For the swap between v1 and v2 I'm not sure what will be the best solution: > - a configuration option allows to migrate when the user decides to do so > - ... but does not protect the day they disconnect the feed > > What do you think? > > Still interested in your opinions on this. Currently I'm investigating some differences between both fetchers. Kind regards, Marta -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#178492): https://lists.openembedded.org/g/openembedded-core/message/178492 Mute This Topic: https://lists.openembedded.org/mt/97209064/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [RFC]] cve-update-nvd2-native: new CVE database fetcher
On Fri, Feb 24, 2023 at 5:16 PM Marta Rybczynska wrote: > Add new fetcher for the NVD database using the 2.0 API [1]. > The implementation changes as little as possible, keeping the current > database format (but using a different database file for the transition > period), with a notable exception of not using the META table. > > Minor changes that could be visible: > - the database starts in 1999 instead of 2002 > - the complete fetch is longer (30 minutes typically) > > Tests VERY MUCH welcome, I have found some bugs today still. Docs (with a mandatory note according to the terms of use) will come with v2. For the swap between v1 and v2 I'm not sure what will be the best solution: - a configuration option allows to migrate when the user decides to do so - ... but does not protect the day they disconnect the feed What do you think? Kind regards, Marta -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#177693): https://lists.openembedded.org/g/openembedded-core/message/177693 Mute This Topic: https://lists.openembedded.org/mt/97209064/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-