Léo Le Bouter writes: > On Sat, 2021-04-03 at 11:41 +0100, Christopher Baines wrote: >> Please let me know if you have any comments or questions! > > That's really really awesome Chris! I especially like that also users > are invited to particpate in the process and the information is shared > there as well! Cool, and yeah, I think users of Guix do have some needs around security and how they use Guix, but I don't yet have a clear picture of them. I want to try and work on figuring this out though! > If I have a comment about the CVE mechanism is that it seems CPE > vendor/name labeling isnt done well or not fast enough in practice, > most flaws I fix they do not have CPE name and vendor specified. So I > wonder how to automate recognition of them here. I believe some could > try and parse the summary with natural language analysis but that also > seems quite imprecise. Right, that definitely seems like something to work on. Thanks, Chris