Hi,
Also I ran the scanner against core-image-sato for each of the feeds and
interestingly nvd2 was the only one to report CVE-1999-0524. Do you have any
idea why this might be?
That said, a fetch taking a minute or so instead of almost an hour is a great
improvement!
Cheers,
Ross
> On 14 Jan 2025, at 17:54, Ross Burton via lists.openembedded.org
> <ross.burton=arm....@lists.openembedded.org> wrote:
>
> On 24 Dec 2024, at 10:25, Marta Rybczynska via lists.openembedded.org
> <rybczynska=gmail....@lists.openembedded.org> wrote:
>
> There’s an inconsistency:
>
>> Set the NVD_DB_VERSION variable to choose feed:
>> NVD2 (default) - the NVD feed with API version 2
>> NVD1 - the NVD JSON feed (deprecated)
>> FKIE - the FKIE-CAD feed reconstruction
>
> “NVD1”
>
>> +# Possible database sources: NVD1, NVD2, FKIE
>> +NVD_DB_VERSION ?= "NVD2"
>
> “NVD1”
>
>> + if nvd_database_type not in ("NVD", "NVD2", "FKIE”):
>
> “NVD”
>
> I’m thinking “NVD1” should be used everywhere.
>
> If you set it as the documentation says then every recipe throws a warning,
> which is quite the pastebomb. Might be better to make it bb.fatal() and tell
> the user to fix their typo?
>
> Ross
>
>
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#209896):
https://lists.openembedded.org/g/openembedded-core/message/209896
Mute This Topic: https://lists.openembedded.org/mt/110270325/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
