On Sun, Feb 12, 2017 at 02:59:57PM +0100, Ludovic Courtès wrote:
> Hi Leo,
> 
> Leo Famulari <leo@famulari.name> skribis:
> 
> > I look at the lwn.net security advisories, the Debian security-announce
> > mailing list, `guix lint -c cve`, the upstream bug trackers of a handful
> > of packages, and even some Twitter personalities.
> 
> For me it’s mostly oss-sec, LWN, and ‘guix lint’.
> 
> The good thing with the new MITRE policy is that the CVE database will
> be more up-to-date, IIUC.  Until now, they’d quickly reserve an ID for
> issues reported to oss-sec, but then it would take time until the CVE
> database would be updated to contain all the info (for the recent Guile
> CVEs, they asked me to give them the details again after two months or
> so…).  As a side effect, ‘guix lint -c cve’ should become more useful.
> 
> Ludo’.
> 

That's great, in the past I assumed that if `guix lint -c cve' found the
CVE then it had already been out for a bit.

-- 
Efraim Flashner   <efraim@flashner.co.il>   אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted