Hi Leo, Leo Famulari <l...@famulari.name> skribis:
> I look at the lwn.net security advisories, the Debian security-announce > mailing list, `guix lint -c cve`, the upstream bug trackers of a handful > of packages, and even some Twitter personalities. For me it’s mostly oss-sec, LWN, and ‘guix lint’. The good thing with the new MITRE policy is that the CVE database will be more up-to-date, IIUC. Until now, they’d quickly reserve an ID for issues reported to oss-sec, but then it would take time until the CVE database would be updated to contain all the info (for the recent Guile CVEs, they asked me to give them the details again after two months or so…). As a side effect, ‘guix lint -c cve’ should become more useful. Ludo’.
