[Buildroot] [PATCH 1/1] package/netcat: set NETCAT_CPE_ID_VALID

Thomas Petazzoni thomas.petazzoni at bootlin.com
Mon Jan 11 20:32:08 UTC 2021


Hello Fabrice,

On Mon, 11 Jan 2021 21:15:44 +0100
Fabrice Fontaine <fontaine.fabrice at gmail.com> wrote:

> Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>

Thanks for all those CPE related patches, very useful. Since you're
doing all those checks, perhaps it would be useful to have a pointer to
something that confirms how you have validated a given CPE. Either in
the commit log, or as a comment in the .mk file? Perhaps a comment in
the commit log is sufficient?

Since you're doing the research, I guess it should be quite easy to add
such a reference in the commit log. Maybe something such as:

https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Anetcat_project%3Anetcat

Note: no need to resend existing patches for this. This is just a
suggestion for future patches.

Thanks!

Thomas
-- 
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com


More information about the buildroot mailing list