Hi; at the moment the ASF customisation to the tool is tracked in my github fork along with issues. There's no specific place to discuss it other than secur...@apache.org. That's all just because there's only me having worked on it.
There are going to be some big changes needed to the tool and running instance in the coming months to support the new CVE Project v5.0 JSON schema, as that is required for more of the future CVE project automation (such as live submission to their database), so that will likely take up all the time I can personally spend updating the tool in the near future. Issues: https://github.com/iamamoose/Vulnogram/issues ASF changes from the upstream Vulnogram code: https://github.com/Vulnogram/Vulnogram/compare/master...iamamoose:asfmaster Regards, Mark J Cox ASF Security On Thu, Sep 16, 2021 at 4:57 PM Ruediger Pluem <rpl...@apache.org> wrote: > > > On 9/16/21 3:16 PM, Eric Covener wrote: > > On Thu, Sep 16, 2021 at 9:07 AM ste...@eissing.org <ste...@eissing.org> > wrote: > >> > >> > >> > >>> Am 16.09.2021 um 15:01 schrieb Ruediger Pluem <rpl...@apache.org>: > >>> > >>> > >>> > >>> On 9/16/21 2:59 PM, ste...@eissing.org wrote: > >>>> And thanks, RĂ¼diger, for noticing and the quick fixes.\o/ > >>> > >>> And thanks to you for all the release and scripting work. > >> > >> I think we should request some download url feature from the > cveprocess, so that we can automate that part as well. The timeline entry > should be added automatically. The "affected_by" we can at least check and > report. > > > > I'm not sure we have Mark watching here, best to take it to the two > > I fear that as well, but I wanted to avoid crosposts on dev@ and security@ > at the same time due to their different visibility. > In general I think improvements to the CVE tool can be discussed in > public, but I am not sure what the correct venue aka list is > for this topic. > @Mark: Can you give us a hint what is the correct forum to talk about > improvements of the CVE tool? > > > security lists. > > > > Regards > > RĂ¼diger >
