Hi Andrew,
Yes, just super busy so this is put on the backburner a bit.
I added an "openSUSE:" naming and a "SUSE:" naming to define the namespace
in between.
On Mon, Feb 19, 2024 at 03:23:42PM +1000, Andrew Pollock wrote:
> Hello Marcus,
>
> I hope you're doing well.
>
> We're looking forward to being able to import the OpenSuSE OSV records into
> OSV.dev and for them to provide actionable vulnerability detection to
> OpenSuSE users.
>
> Looking at what's available in
> https://ftp.suse.com/pub/projects/security/osv, what looks to be
> remaining:
>
> - enumerating vulnerable versions
>
> *Enumerating vulnerable versions*
Currently it is a bit challenging to list all affected versions; we
could get them, but for most relations it is that the bug was there before
shipment and is fixed now.
So I thought that
"introduced" : 0
"fixed" : 4.8.6-bp155.2.3.1
"type": "ECOSYSTEM"
would be sufficient here?
The package versions we release are linear in a "RPM version compare" relation.
I see Debian, Rocky Linux and Alma Linux doing the same.
Or would I need to define what "ECOSYSTEM" means here?
Can we perhaps also have a "RPMVER" relation?
> To see existing code for concrete examples and inspiration go to:
>
> - https://github.com/google/osv.dev/blob/master/osv/ecosystems/_ecosystems.py
> - https://github.com/google/osv.dev/tree/master/osv/ecosystems
>
> If you have any questions, or if an interactive conversation would be
> helpful, please get in touch, and we can organise a meeting.
Ciao, Marcus
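
The range proposed in the message above ("introduced" 0, "fixed" 4.8.6-bp155.2.3.1), evaluated with an RPM-style version comparison. This is an added example, not part of the original e-mail and not code from OSV.dev or SUSE; the function names are assumptions, and the '^' rule of newer RPM releases is not handled.

```python
import re
from itertools import zip_longest

def rpmvercmp(a, b):
    """Compare two RPM version (or release) strings: returns -1, 0 or 1."""
    pat = r"~|[0-9]+|[A-Za-z]+"          # separators such as '.' are ignored
    for x, y in zip_longest(re.findall(pat, a), re.findall(pat, b)):
        if x == "~" or y == "~":          # '~' sorts before anything, even end of string
            if x != "~":
                return 1
            if y != "~":
                return -1
            continue
        if x is None or y is None:        # the string with segments left over is newer
            return -1 if x is None else 1
        if x.isdigit() != y.isdigit():    # a numeric segment beats an alphabetic one
            return 1 if x.isdigit() else -1
        kx, ky = (int(x), int(y)) if x.isdigit() else (x, y)
        if kx != ky:
            return -1 if kx < ky else 1
    return 0

def split_evr(evr):
    """Split [epoch:]version[-release]; a missing epoch counts as 0."""
    epoch, sep, rest = evr.partition(":")
    if not sep:
        epoch, rest = "0", evr
    version, sep, release = rest.rpartition("-")
    if not sep:
        version, release = rest, ""
    return int(epoch), version, release

def evrcmp(a, b):
    """Compare epoch numerically, then version, then release."""
    (ea, va, ra), (eb, vb, rb) = split_evr(a), split_evr(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def is_affected(installed, events):
    """Walk OSV range events (assumed sorted oldest first)."""
    affected = False
    for ev in events:
        intro, fixed = ev.get("introduced"), ev.get("fixed")
        if intro is not None and (intro == "0" or evrcmp(installed, intro) >= 0):
            affected = True
        elif fixed is not None and evrcmp(installed, fixed) >= 0:
            affected = False
    return affected

# The range from the e-mail, written as OSV events (versions as strings).
EVENTS = [{"introduced": "0"}, {"fixed": "4.8.6-bp155.2.3.1"}]
```

A release such as bp155.2.10.1 sorts after bp155.2.3.1 under this comparison but before it under plain string ordering, which is why the range needs a defined version order.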