[Buildroot] Gsoc Interest : Follow upstream updates and CVEs of packages
Matthew Weber
matthew.weber at rockwellcollins.com
Wed Mar 6 16:20:39 UTC 2019
Manas,

On Wed, Mar 6, 2019 at 2:55 AM Manas Mangaonkar
<manasmangaonkar at gmail.com> wrote:
>
> Hi,
>
> My name is Manas [IRC: Pac23/Pac23xyz]. I am a CE undergrad at the University of Mumbai. I came across the following upstream project and would love to work on it as part of GSoC.
>
> I discussed this on IRC and was told to ping here. AFAIK there already exists some code for this; can someone kindly link to the codebase/repo? I have seen some of it in the mailing list archive.
>
I have been working on a series to add CPE reporting to Buildroot so that
a manifest could be produced with each build. In the series [1], the
[2] patch added the checking of CPE status in the pkg-stats script
(this is the script with the new release monitoring hooks). We did
not look at the problem space of checking for valid CVEs against each
CPE. I do wonder if adding the CPE ID and CVE tracking directly
to the release monitoring site would have more value than to our pkg-stats
or a new script. Then a report could be run at the release-monitoring
site level to list open CVEs on the Buildroot project.

I do owe a refresh of [1] as it has been a while since I rebased and
sent a new version.

Matt
[1] http://patchwork.ozlabs.org/project/buildroot/list/?series=71318&state=*
[2] http://patchwork.ozlabs.org/patch/985550/