* Dunfell CVE reduction fun: December raffle
@ 2020-11-30 17:12 Steve Sakoman
  2021-01-06 17:27 ` Dunfell CVE reduction fun: December raffle -- Winner announcement! Steve Sakoman
  0 siblings, 1 reply; 3+ messages in thread
From: Steve Sakoman @ 2020-11-30 17:12 UTC (permalink / raw)
  To: Patches and discussions about the oe-core layer

We've been making good progress on reducing the number of issues
reported by the CVE checker.  We went from 202 on August 16 to 59 on
November 29.

Some of these reductions have come from sending in corrections to the
CVE database where there were errors in version matching, and others
have come from backported fixes or whitelisting.  Many thanks to all
who have helped!

To encourage more folks to contribute to this effort I'm going to be
holding a raffle during the month of December.  You'll get one entry
for each CVE fix patch that I merge into dunfell.  And a database
update that results in a reduction in dunfell reported issues will also
get you an entry.

The prize?  A bag of fresh roasted whole bean coffee from my small
coffee orchard here on the Big Island of Hawaii.  If the winner isn't
a coffee drinker I'll try to get some locally grown tea as a
substitute prize.

The fine print:

1. Patches and database update requests must be submitted during the
month of December to receive a raffle entry.

2. CVE patch submissions should follow the guidelines in the "Patch
name convention and commit message" section of
https://wiki.yoctoproject.org/wiki/Security

3. If the patch also applies to master please send the patch for
master and note that it should be backported to dunfell/gatesgarth as
appropriate.  I'll pull this type of patch into dunfell only after it
hits master.

4. CVE database update requests should be sent to:
cpe_dictionary@nist.gov  You should note the CVE number and provide
supporting links for why you think an update is appropriate. When you
receive a "Thank you for bringing this to our attention. We appreciate
community input" response please forward a copy to me.  I'll add your
raffle entry to the pool when the database is updated and the dunfell
cve count reduced.

5. To help avoid people working on the same CVEs I'll start a "CVE
raffle: collision avoidance" thread on this list.  Just do a quick
reply noting which CVE you plan to work on.  Please don't claim one
unless you really intend to follow through!

Steve


* Re: Dunfell CVE reduction fun: December raffle -- Winner announcement!
  2020-11-30 17:12 Dunfell CVE reduction fun: December raffle Steve Sakoman
@ 2021-01-06 17:27 ` Steve Sakoman
  2021-01-07  3:48   ` Robert Joslyn
  0 siblings, 1 reply; 3+ messages in thread
From: Steve Sakoman @ 2021-01-06 17:27 UTC (permalink / raw)
  To: Patches and discussions about the oe-core layer, Robert Joslyn

The winner was selected live on the #yocto irc channel this morning:

(07:10:59 AM) sakoman: **** Time to select the CVE raffle winner ****
(07:11:38 AM) sakoman: Looks like there are 50 entries:
(07:11:42 AM) sakoman: steve@octo:~/Desktop$ wc -l cve-raffle-sorted-nodups
(07:11:42 AM) sakoman: 50 cve-raffle-sorted-nodups
(07:12:04 AM) sakoman: And the winner by random selection is:
(07:12:21 AM) sakoman: steve@octo:~/Desktop$ shuf -n 1 cve-raffle-sorted-nodups
(07:12:21 AM) sakoman: CVE-2020-1971: Robert Joslyn
<robert.joslyn@redrectangle.org>

Congrats Robert! And thanks for helping reduce the number of CVEs.
Please contact me off list with your shipping address and choice of
coffee or tea.

Thanks to all who participated, I really appreciate the help!

Steve

On Mon, Nov 30, 2020 at 7:12 AM Steve Sakoman <steve@sakoman.com> wrote:
>
> We've been making good progress on reducing the number of issues
> reported by the CVE checker.  We went from 202 on August 16 to 59 on
> November 29.
>
> Some of these reductions have come from sending in corrections to the
> CVE database where there were errors in version matching, and others
> have come from backported fixes or whitelisting.  Many thanks to all
> who have helped!
>
> To encourage more folks to contribute to this effort I'm going to be
> holding a raffle during the month of December.  You'll get one entry
> for each CVE fix patch that I merge into dunfell.  And a database
> update that results in a reduction in dunfell reported issues will also
> get you an entry.
>
> The prize?  A bag of fresh roasted whole bean coffee from my small
> coffee orchard here on the Big Island of Hawaii.  If the winner isn't
> a coffee drinker I'll try to get some locally grown tea as a
> substitute prize.
>
> The fine print:
>
> 1. Patches and database update requests must be submitted during the
> month of December to receive a raffle entry.
>
> 2. CVE patch submissions should follow the guidelines in the "Patch
> name convention and commit message" section of
> https://wiki.yoctoproject.org/wiki/Security
>
> 3. If the patch also applies to master please send the patch for
> master and note that it should be backported to dunfell/gatesgarth as
> appropriate.  I'll pull this type of patch into dunfell only after it
> hits master.
>
> 4. CVE database update requests should be sent to:
> cpe_dictionary@nist.gov  You should note the CVE number and provide
> supporting links for why you think an update is appropriate. When you
> receive a "Thank you for bringing this to our attention. We appreciate
> community input" response please forward a copy to me.  I'll add your
> raffle entry to the pool when the database is updated and the dunfell
> cve count reduced.
>
> 5. To help avoid people working on the same CVEs I'll start a "CVE
> raffle: collision avoidance" thread on this list.  Just do a quick
> reply noting which CVE you plan to work on.  Please don't claim one
> unless you really intend to follow through!
>
> Steve


* Re: Dunfell CVE reduction fun: December raffle -- Winner announcement!
  2021-01-06 17:27 ` Dunfell CVE reduction fun: December raffle -- Winner announcement! Steve Sakoman
@ 2021-01-07  3:48   ` Robert Joslyn
  0 siblings, 0 replies; 3+ messages in thread
From: Robert Joslyn @ 2021-01-07  3:48 UTC (permalink / raw)
  To: Steve Sakoman, Patches and discussions about the oe-core layer

On Wed, 2021-01-06 at 07:27 -1000, Steve Sakoman wrote:
> The winner was selected live on the #yocto irc channel this morning:
> 
> (07:10:59 AM) sakoman: **** Time to select the CVE raffle winner ****
> (07:11:38 AM) sakoman: Looks like there are 50 entries:
> (07:11:42 AM) sakoman: steve@octo:~/Desktop$ wc -l cve-raffle-sorted-nodups
> (07:11:42 AM) sakoman: 50 cve-raffle-sorted-nodups
> (07:12:04 AM) sakoman: And the winner by random selection is:
> (07:12:21 AM) sakoman: steve@octo:~/Desktop$ shuf -n 1 cve-raffle-sorted-nodups
> (07:12:21 AM) sakoman: CVE-2020-1971: Robert Joslyn
> <robert.joslyn@redrectangle.org>
> 
> Congrats Robert! And thanks for helping reduce the number of CVEs.
> Please contact me off list with your shipping address and choice of
> coffee or tea.
> 
> Thanks to all who participated, I really appreciate the help!
> 
> Steve

Well that was unexpected, thanks! I feel a little bad since I only
submitted one patch last month, but I'll try to earn the coffee a bit more
this month with some more patches :-)

Thanks,
Robert

