Hi, > Can't we just take the version from the PKG_VERSION entry and provide a > way to overwrite it with some other variable in case the CVE database > uses a different version number format?
yes, I was thinking something similar, like using $(PKG_CPE):$(PKG_VERSION) if there is no version included already. But I have not yet investigated if that would work in all cases, if the version numbers are usable as-is etc. > We could check if this version number is available in the CVE database > and warn the user if this is not the case, but we could probably cover > 90% of the packages. Yes, assuming that we do get the versions properly included. ~ Jo _______________________________________________ Lede-dev mailing list Lede-dev@lists.infradead.org http://lists.infradead.org/mailman/listinfo/lede-dev
