Your message dated Mon, 22 Sep 2014 19:14:23 +0200 with message-id <20140922171423.GA26721@eldamar.local> and subject line Re: Bug#762069: security-tracker does not update NVD information anymore has caused the Debian Bug report #762069, regarding security-tracker does not update NVD information anymore to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 762069: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762069 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: security-tracker Severity: normal Tags: confirmed Hi, I'm looking into this problem, but would like to have documented the problem in the BTS. Currently since we switched to fetch information trough https updates of NVD information for the security-tracker does not work anymore. Makefile contains a update-nvd target, which fetches the nvde-$year information via https: wget -q -Odata/nvd/$$name https://nvd.nist.gov/download/$$name ERROR: The certificate of `nvd.nist.gov' is not trusted. ERROR: The certificate of `nvd.nist.gov' hasn't got a known issuer. Solution: We need (as for example also needed for qa's vcs-watch) our own CA store for the security-tracker which is used on soler. Regards, Salvatore
--- End Message ---
--- Begin Message ---Hi This is now done by keeping a certificate store for the sectracker user which is the used when fetching the data. Regards, Salvatore
--- End Message ---
