Léo Le Bouter <lle-b...@zaclys.net> writes:

> On Sat, 2021-04-03 at 11:41 +0100, Christopher Baines wrote:
>> Please let me know if you have any comments or questions!
> That's really really awesome Chris! I especially like that also users
> are invited to particpate in the process and the information is shared
> there as well!

Cool, and yeah, I think users of Guix do have some needs around security
and how they use Guix, but I don't yet have a clear picture of them. I
want to try and work on figuring this out though!

> If I have a comment about the CVE mechanism is that it seems CPE
> vendor/name labeling isnt done well or not fast enough in practice,
> most flaws I fix they do not have CPE name and vendor specified. So I
> wonder how to automate recognition of them here. I believe some could
> try and parse the summary with natural language analysis but that also
> seems quite imprecise.

Right, that definitely seems like something to work on.



Attachment: signature.asc
Description: PGP signature

Reply via email to