guix-devel

Re: Auditing CPE names


From: Ludovic Courtès
Subject: Re: Auditing CPE names
Date: Sun, 12 Feb 2017 16:13:06 +0100
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux)

Leo Famulari <address@hidden> wrote:

> I wonder if anyone checks the Common Platform Enumeration (CPE) names of
> new packages when creating them?
>
> It's important to name the package in accordance with the CPE or set
> the cpe-name property, or else `guix lint -c cve` won't work for that
> package.
>
> There is an example of setting the cpe-name in the package definition of
> isc-dhcp, where the cpe-name is 'dhcp'.
>
> Maybe we should audit the whole package set to find packages that appear
> to not be covered by CPE.

I think it’s a good idea, everyone should check whether important
packages are covered.

Packages that are definitely not covered are those for which we add a
prefix to the upstream name, such as “python-”.  We could tell ‘guix
lint -c cve’ to strip common prefixes like this one, but I suspect this
won’t be enough.

Thoughts?

Ludo’.
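
An added example, not part of the original message and not Guix's own code: a self-contained Guile sketch of the audit discussed above, classifying packages by whether their name, their `cpe-name` property, or their prefix-stripped name matches a CPE product. The prefix list, the CPE product list and the package entries are constructed for illustration, and packages are modelled as plain `(name . properties)` pairs rather than Guix package records.

```scheme
;; Added example, not code from Guix.  Packages are modelled as
;; (name . properties) pairs; all data below is constructed.
(use-modules (srfi srfi-1))

(define %prefixes '("python-" "perl-" "ghc-"))   ;assumed prefix list

(define %known-cpe-products                      ;constructed sample data
  '("dhcp" "openssl" "requests" "yaml"))

(define %packages                                ;constructed sample data
  '(("openssl" . ())
    ("isc-dhcp" . ((cpe-name . "dhcp")))
    ("python-requests" . ())
    ("python-pyyaml" . ())))

(define (strip-prefix name)
  "Return NAME without the first matching prefix from %PREFIXES, or NAME."
  (let ((prefix (find (lambda (p) (string-prefix? p name)) %prefixes)))
    (if prefix
        (string-drop name (string-length prefix))
        name)))

(define (coverage package)
  "Return a symbol describing how PACKAGE maps onto a known CPE product."
  (let* ((name     (car package))
         (override (assq-ref (cdr package) 'cpe-name)))
    (define (known? s) (member s %known-cpe-products))
    (cond ((and override (known? override)) 'cpe-name-property)
          ((known? name)                    'package-name)
          ((known? (strip-prefix name))     'prefix-stripped)
          (else                             'not-covered))))

(define (audit packages)
  "Return an alist of (name . coverage) for PACKAGES."
  (map (lambda (p) (cons (car p) (coverage p))) packages))

;; Print one line per package so uncovered ones stand out.
(for-each (lambda (entry)
            (format #t "~a: ~a~%" (car entry) (cdr entry)))
          (audit %packages))
```

In the constructed data the last package still comes out as `not-covered` after stripping, since the remainder differs from the product name; such packages need an explicit `cpe-name` property.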


