Just a heads up that the LWN Vulnerability Database we use hasn't been updated in over a week, which means our tooling thinks there have been zero problems. This is obviously not true.
LWN's database provides a hugely valuable resource for us. They collect mail from many distro's mailing lists and aggregate similar reports in to a single entry. Each of those then will have multiple solutions and patches that we can use to fix the issue in our distribution. This aggregation has been a huge "force multiplier," allowing us to keep up to date and patch almost as fast as the bigger distributions, even in the earliest weeks of roundups where only a few people were regularly contributing. If you appreciate the work we've done, I recommend subscribing to LWN as a thank-you. Remediation: - I've messaged LWN to ask if the database will be updated again. - I've been researching alternative ways to get the job done: - Other DBs with similar goals of aggregating issues and reports. - Reviewing all the mail from oss-security - Subscribing to and reviewing all the mail from all the distro's that LWN watched - other options? This is a tough spot to be in, and I am hoping LWN will continue. Either way, we should likely expand our tooling to support other sources as well. If anyone has any ideas or suggestions, I'm all ears :) Best, Graham Christensen _______________________________________________ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev