bug#47188: "guix lint -c cve" does not account for language prefixes (ru

bug-guix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#47188: "guix lint -c cve" does not account for language prefixes (ru

From:	zimoun
Subject:	bug#47188: "guix lint -c cve" does not account for language prefixes (rust-, python-, go-, ..)
Date:	Tue, 16 Mar 2021 14:05:13 +0100

Hi,

On Tue, 16 Mar 2021 at 10:30, Léo Le Bouter via Bug reports for GNU
Guix <bug-guix@gnu.org> wrote:

> ./pre-inst-env guix lint -c cve python-urllib3@1.26.2
> Here this should return at least CVE-2021-28363 but it does not because
> the CVE database contains urllib3 and not python-urllib3 (which AFAICT
> the cve linter searches for).

Does the CVE use the upstream name?  Or a normalized name?

I mean, in the R world, packages can have names as 'org.EcK12.eg.db'
which becomes "r-org-eck12-eg-db".  To easy the mapping for updating
and co, the package definition contains:

    (properties
     `((upstream-name . "org.EcK12.eg.db")))

Maybe, it could be worth to have similar things.  WDYT?

All the best,
simon

[Prev in Thread]

Current Thread

[Next in Thread]

bug#47188: "guix lint -c cve" does not account for language prefixes (rust-, python-, go-, ..), Léo Le Bouter, 2021/03/16
- bug#47188: "guix lint -c cve" does not account for language prefixes (rust-, python-, go-, ..), zimoun <=
- bug#47188: "guix lint -c cve" does not account for language prefixes (rust-, python-, go-, ..), Ludovic Courtès, 2021/03/18

Prev by Date: bug#47190: Building git fails because of a hash mismatch
Next by Date: bug#47190: Building git fails because of a hash mismatch
Previous by thread: bug#47188: "guix lint -c cve" does not account for language prefixes (rust-, python-, go-, ..)
Next by thread: bug#47188: "guix lint -c cve" does not account for language prefixes (rust-, python-, go-, ..)
Index(es):
- Date
- Thread