Re: [LEDE-DEV] [RFC] adding CPE IDs to package Makefiles

2017-10-03 Thread Alexander Couzens
Hi Jo, thanks for your mail!

On Sun, 1 Oct 2017 14:43:03 +0200 Jo-Philipp Wich wrote:
> FORMAT
>
> The proposed format for adding CPE IDs to Makefiles would be a new
> variable called "PKG_CPE" which is set to the corresponding ID of the
> package. Multiple ids may be specified, separated by s

Re: [LEDE-DEV] [RFC] adding CPE IDs to package Makefiles

2017-10-01 Thread Jo-Philipp Wich
Hi,

> Can't we just take the version from the PKG_VERSION entry and provide a
> way to overwrite it with some other variable in case the CVE database
> uses a different version number format?

yes, I was thinking something similar, like using $(PKG_CPE):$(PKG_VERSION) if there is no version include

Re: [LEDE-DEV] [RFC] adding CPE IDs to package Makefiles

2017-10-01 Thread Hauke Mehrtens
On 10/01/2017 02:43 PM, Jo-Philipp Wich wrote:
> Hi,
>
> I'd like to propose adding structured CPE information to package
> Makefiles in order to simplify mapping of discovered vulnerabilities to
> affected LEDE software components.
>
> The Common Platform Enumeration (CPE) specification provides

Re: [LEDE-DEV] [RFC] adding CPE IDs to package Makefiles

2017-10-01 Thread Alberto Bursi
On 10/01/2017 02:43 PM, Jo-Philipp Wich wrote:
> Hi,
>
> I'd like to propose adding structured CPE information to package
> Makefiles in order to simplify mapping of discovered vulnerabilities to
> affected LEDE software components.

I like this. I know of OPNSense (firewall distro based off BSD I th