all messages for Guix-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed
* Auditing CPE names
@ 2017-02-11 19:53 Leo Famulari
  2017-02-12 15:13 ` Ludovic Courtès
  2017-02-12 15:38 ` Leo Famulari
  0 siblings, 2 replies; 4+ messages in thread
From: Leo Famulari @ 2017-02-11 19:53 UTC (permalink / raw)
  To: guix-devel

[-- Attachment #1: Type: text/plain, Size: 499 bytes --]

I wonder if anyone checks the Common Platform Enumeration (CPE) names of
new packages when creating them?

It's important to name the package in accordance with the CPE or set
the cpe-name property, or else `guix lint -c cve` won't work for that
package.

There is an example of setting the cpe-name in the package definition of
isc-dhcp, where the cpe-name is 'dhcp'.

Maybe we should audit the whole package set to find packages that appear
to not be covered by CPE.

https://nvd.nist.gov/cpe.cfm

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2017-02-13 14:26 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-02-11 19:53 Auditing CPE names Leo Famulari
2017-02-12 15:13 ` Ludovic Courtès
2017-02-12 15:38 ` Leo Famulari
2017-02-13 14:26   ` Ludovic Courtès

Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/guix.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.