Message ID | 20250318065403.8198-1-marta.rybczynska@ygreky.com |
---|---|
State | New |
Headers | show |
Series | cve-check: change the default feed | expand |
On Tue, Mar 18, 2025 at 7:54 AM Marta Rybczynska <rybczynska@gmail.com> wrote: > Move to the FKIE feed by default, as it is showing better stability > than NVD2. Content of the feed should be the same. > > Signed-off-by: Marta Rybczynska <marta.rybczynska@ygreky.com> > --- > meta/classes/cve-check.bbclass | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/meta/classes/cve-check.bbclass > b/meta/classes/cve-check.bbclass > index c6a410e2b2..555fdaad77 100644 > --- a/meta/classes/cve-check.bbclass > +++ b/meta/classes/cve-check.bbclass > @@ -32,7 +32,7 @@ CVE_PRODUCT ??= "${BPN}" > CVE_VERSION ??= "${PV}" > > # Possible database sources: NVD1, NVD2, FKIE > -NVD_DB_VERSION ?= "NVD2" > +NVD_DB_VERSION ?= "FKIE" > > # Use different file names for each database source, as they synchronize > at different moments, so may be slightly different > CVE_CHECK_DB_FILENAME ?= "${@'nvdcve_2-2.db' if > d.getVar('NVD_DB_VERSION') == 'NVD2' else 'nvdcve_1-3.db' if > d.getVar('NVD_DB_VERSION') == 'NVD1' else 'nvdfkie_1-1.db'}" > -- > 2.45.2 > > This is late for the release, but I think it might be a reasonable choice for months ahead of us. To be discussed. Kind regards, Marta
On 18 Mar 2025, at 06:56, Marta Rybczynska <rybczynska@gmail.com> wrote: > This is late for the release, but I think it might be a reasonable choice for months ahead of us. > To be discussed. Given the fetch speed improvements, I think this is acceptable for M4. Ross
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index c6a410e2b2..555fdaad77 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass @@ -32,7 +32,7 @@ CVE_PRODUCT ??= "${BPN}" CVE_VERSION ??= "${PV}" # Possible database sources: NVD1, NVD2, FKIE -NVD_DB_VERSION ?= "NVD2" +NVD_DB_VERSION ?= "FKIE" # Use different file names for each database source, as they synchronize at different moments, so may be slightly different CVE_CHECK_DB_FILENAME ?= "${@'nvdcve_2-2.db' if d.getVar('NVD_DB_VERSION') == 'NVD2' else 'nvdcve_1-3.db' if d.getVar('NVD_DB_VERSION') == 'NVD1' else 'nvdfkie_1-1.db'}"
Move to the FKIE feed by default, as it is showing better stability than NVD2. Content of the feed should be the same. Signed-off-by: Marta Rybczynska <marta.rybczynska@ygreky.com> --- meta/classes/cve-check.bbclass | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)