Groups keyboard shortcuts have been updated
Dismiss
See shortcuts

Clarifying packages for AlmaLinux ecosystem

9 views
Skip to first unread message

Andrew Pollock

unread,
Nov 3, 2024, 9:55:08 PM11/3/24
to Nikita Ivanov, osv-discuss
Hi Nikita,

I hope you're well.

With Red Hat's recent onboarding, we were doing some spot checks and looking at  https://osv.dev/vulnerability/CVE-2023-32700 and its aliases, noticed that while https://ossf.github.io/osv-schema/#affectedpackage-field states that the package.name is the source package, looking at https://osv.dev/vulnerability/ALSA-2023:3661 (comparing with https://osv.dev/vulnerability/RLSA-2023:3661) suggests this is not the case.

Should the schema documentation be updated, or the records being published?

regards

Andrew

--


Andrew Pollock

Software Engineer, Google Open Source Security Team | apol...@google.com

Google LLC

Reply all
Reply to author
Forward
0 new messages