Re: ‘guix lint’ CVE checker

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ‘guix lint’ CVE checker

From:	Ludovic Courtès
Subject:	Re: ‘guix lint’ CVE checker
Date:	Fri, 27 Nov 2015 10:58:31 +0100
User-agent:	Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux)

address@hidden (Ludovic Courtès) skribis:

> The libxml2/libxslt issues are actually patched, but since we didn’t
> change the version number, the tool assumes that our packages are
> vulnerable.  We should change version numbers in the future when
> patching vulnerabilities.

Alternately, ‘lint’ could check the package’s patches and silence the
warning if there are patches whose name contain the offending CVE ID.

That way it would still catch vulnerabilities later reported for that
version.

Thoughts?

Ludo’.

[Prev in Thread]

Current Thread

[Next in Thread]

‘guix lint’ CVE checker, Ludovic Courtès, 2015/11/26
- Re: ‘guix lint’ CVE checker, Ludovic Courtès <=
  - Re: ‘guix lint’ CVE checker, Mark H Weaver, 2015/11/27
    - Re: ‘guix lint’ CVE checker, Ludovic Courtès, 2015/11/28
- Re: ‘guix lint’ CVE checker, Ludovic Courtès, 2015/11/28

Prev by Date: Re: [PATCH] build: pull: Compile .scm files in one process.
Next by Date: Re: [PATCH] build: pull: Compile .scm files in one process.
Previous by thread: ‘guix lint’ CVE checker
Next by thread: Re: ‘guix lint’ CVE checker
Index(es):
- Date
- Thread