[Development] Monitoring of upstream vulnerabilities

Bernhard B schluchti at gmail.com
Tue Jun 19 23:04:45 CEST 2018


Sorry, I don't get it. But what's the point of providing a link to the
Intel github rpo if we can't access it?

Am Dienstag, 19. Juni 2018 schrieb Thiago Macieira :

> On Tuesday, 19 June 2018 13:15:18 PDT Jason H wrote:
> > > Currently, we use https://github.com/clearlinux/cve-check-tool. This
> is
> > > going to be replaced with CVEMAN -
> > > https://github.intel.com/kcwells/cveman. Both tools consume the feed
> from
> > > the National Vulnerability Database from the US NIST -
> > > https://nvd.nist.gov/.
> >
> > Is that intel server publicly accessible?
>
> The dashboard the tool produces isn't, but I also don't see why you'd want
> that. It's not applicable to Qt. The only people who would want access to
> it
> are the people who are working on the distribution and will apply the
> patches.
>
> --
> Thiago Macieira - thiago.macieira (AT) intel.com
>   Software Architect - Intel Open Source Technology Center
>
>
>
> _______________________________________________
> Development mailing list
> Development at qt-project.org
> http://lists.qt-project.org/mailman/listinfo/development
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.qt-project.org/pipermail/development/attachments/20180619/e3c8f8a3/attachment.html>


More information about the Development mailing list