On Monday 29 of August 2016, Elan Ruusamäe wrote: > On 29.08.2016 08:02, Arkadiusz Miśkiewicz wrote: > > Interesting > > > > https://github.com/videns/vulners-scanner > > > > TODO: incorporate that (API) into our infrastructure to check ftp > > contents > > i've seen such projects in the past. > > but i lost interest to them after i found that they compare just > package-db versions, not actual file blob contents.
Right, that will be a problem. If these provide CVE info then maybe we could check changelog contents of our packages and skip these with info about cve fixed. -- Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org ) _______________________________________________ pld-devel-en mailing list pld-devel-en@lists.pld-linux.org http://lists.pld-linux.org/mailman/listinfo/pld-devel-en