Auditing CPE names

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Auditing CPE names

From:	Leo Famulari
Subject:	Auditing CPE names
Date:	Sat, 11 Feb 2017 14:53:46 -0500
User-agent:	Mutt/1.7.2 (2016-11-26)

I wonder if anyone checks the Common Platform Enumeration (CPE) names of
new packages when creating them?

It's important to name the package in accordance with the CPE or set
the cpe-name property, or else `guix lint -c cve` won't work for that
package.

There is an example of setting the cpe-name in the package definition of
isc-dhcp, where the cpe-name is 'dhcp'.

Maybe we should audit the whole package set to find packages that appear
to not be covered by CPE.

https://nvd.nist.gov/cpe.cfm

signature.asc
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

Auditing CPE names, Leo Famulari <=
- Re: Auditing CPE names, Ludovic Courtès, 2017/02/12
- Re: Auditing CPE names, Leo Famulari, 2017/02/12
  - Re: Auditing CPE names, Ludovic Courtès, 2017/02/13

Prev by Date: Re: [PATCH] gnu: slurm: Update to 16.05.9.1.
Next by Date: Re: Announcement regarding the oss-security mailing list
Previous by thread: Announcement regarding the oss-security mailing list
Next by thread: Re: Auditing CPE names
Index(es):
- Date
- Thread