diff mbox series

cve-check: change the default feed

Message ID 20250318065403.8198-1-marta.rybczynska@ygreky.com
State New
Headers show
Series cve-check: change the default feed | expand

Commit Message

Marta Rybczynska March 18, 2025, 6:54 a.m. UTC
Move to the FKIE feed by default, as it is showing better stability
than NVD2. Content of the feed should be the same.

Signed-off-by: Marta Rybczynska <marta.rybczynska@ygreky.com>
---
 meta/classes/cve-check.bbclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Marta Rybczynska March 18, 2025, 6:56 a.m. UTC | #1
On Tue, Mar 18, 2025 at 7:54 AM Marta Rybczynska <rybczynska@gmail.com>
wrote:

> Move to the FKIE feed by default, as it is showing better stability
> than NVD2. Content of the feed should be the same.
>
> Signed-off-by: Marta Rybczynska <marta.rybczynska@ygreky.com>
> ---
>  meta/classes/cve-check.bbclass | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/meta/classes/cve-check.bbclass
> b/meta/classes/cve-check.bbclass
> index c6a410e2b2..555fdaad77 100644
> --- a/meta/classes/cve-check.bbclass
> +++ b/meta/classes/cve-check.bbclass
> @@ -32,7 +32,7 @@ CVE_PRODUCT ??= "${BPN}"
>  CVE_VERSION ??= "${PV}"
>
>  # Possible database sources: NVD1, NVD2, FKIE
> -NVD_DB_VERSION ?= "NVD2"
> +NVD_DB_VERSION ?= "FKIE"
>
>  # Use different file names for each database source, as they synchronize
> at different moments, so may be slightly different
>  CVE_CHECK_DB_FILENAME ?= "${@'nvdcve_2-2.db' if
> d.getVar('NVD_DB_VERSION') == 'NVD2' else 'nvdcve_1-3.db' if
> d.getVar('NVD_DB_VERSION') == 'NVD1' else 'nvdfkie_1-1.db'}"
> --
> 2.45.2
>
>

This is late for the release, but I think it might be a reasonable choice
for months ahead of us.
To be discussed.

Kind regards,
Marta
Ross Burton March 18, 2025, 11:07 a.m. UTC | #2
On 18 Mar 2025, at 06:56, Marta Rybczynska <rybczynska@gmail.com> wrote:
> This is late for the release, but I think it might be a reasonable choice for months ahead of us.
> To be discussed.

Given the fetch speed improvements, I think this is acceptable for M4.

Ross
diff mbox series

Patch

diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index c6a410e2b2..555fdaad77 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -32,7 +32,7 @@  CVE_PRODUCT ??= "${BPN}"
 CVE_VERSION ??= "${PV}"
 
 # Possible database sources: NVD1, NVD2, FKIE
-NVD_DB_VERSION ?= "NVD2"
+NVD_DB_VERSION ?= "FKIE"
 
 # Use different file names for each database source, as they synchronize at different moments, so may be slightly different
 CVE_CHECK_DB_FILENAME ?= "${@'nvdcve_2-2.db' if d.getVar('NVD_DB_VERSION') == 'NVD2' else 'nvdcve_1-3.db' if d.getVar('NVD_DB_VERSION') == 'NVD1' else 'nvdfkie_1-1.db'}"