From: Marta Rybczynska <rybczynska@gmail.com>
To: Richard Purdie <richard.purdie@linuxfoundation.org>
Cc: Akash Hadke <akash.hadke@kpit.com>,
OE-core <openembedded-core@lists.openembedded.org>
Subject: Re: [OE-core] [poky][master][PATCH 1/3] cve_check.py: Add new method get_ignored_cves
Date: Wed, 18 May 2022 13:58:14 +0200 [thread overview]
Message-ID: <CAApg2=ToM0QwDU8MkV-3FNHgTOuhtV6Az6E3uT2WyQigWnfTow@mail.gmail.com> (raw)
In-Reply-To: <e793362e2958aecec75daa66230558f7feb9add5.camel@linuxfoundation.org>
On Wed, May 18, 2022 at 12:33 PM Richard Purdie
<richard.purdie@linuxfoundation.org> wrote:
>
> On Wed, 2022-05-18 at 02:46 -0700, akash hadke via
> lists.openembedded.org wrote:
> > Hi Richard,
> >
> > I tried modifying the cve-check.bbclass but did not able to get the
> > solution for disabling the NVD data, because when we inherit cve-
> > check it executes the cve_check task that checks CVEs from NVD DB. So
> > I am also not sure how to disable it hence I used the separate
> > bbclass.
>
> I guess the task dependencies are a bit of an issue there. There are
> probably ways to make those configurable, it would just take a little
> work.
>
> I really do want to encourage us to work together on common cve tooling
> rather than having several partial implementations so I can't take this
> patch series.
>
I plan to cut those dependencies and make different stages optional.
In my case the first use
is to be able to run multiple cve-checks with the same database
(guaranteed without updates)
or run cve-check with some given known database (for testing).
We can add an option to make the actual check with the database optional.
Exporting the data to the buildhistory looks like a useful thing to do, too.
I can draft the split after YPS.
Kind regards,
Marta
prev parent reply other threads:[~2022-05-18 11:58 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-05-11 14:36 [poky][master][PATCH 1/3] cve_check.py: Add new method get_ignored_cves Akash Hadke
2022-05-11 14:36 ` [poky][master][PATCH 2/3] cve-export.bbclass: Add a new class to get patched and ignored CVEs from the build Akash Hadke
2022-05-11 14:36 ` [poky][master][PATCH 3/3] cve_export.py: Add new selftest for cve-export.bbclass Akash Hadke
2022-05-17 9:12 ` [OE-core] [poky][master][PATCH 1/3] cve_check.py: Add new method get_ignored_cves Marta Rybczynska
2022-05-17 11:42 ` Akash Hadke
2022-05-17 13:33 ` Marta Rybczynska
2022-05-17 13:51 ` akash hadke
2022-05-17 14:19 ` [OE-core] " richard.purdie
2022-05-18 9:46 ` akash hadke
2022-05-18 10:33 ` [OE-core] " richard.purdie
2022-05-18 11:58 ` Marta Rybczynska [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAApg2=ToM0QwDU8MkV-3FNHgTOuhtV6Az6E3uT2WyQigWnfTow@mail.gmail.com' \
--to=rybczynska@gmail.com \
--cc=akash.hadke@kpit.com \
--cc=openembedded-core@lists.openembedded.org \
--cc=richard.purdie@linuxfoundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.