FYI, snapcraft can build from universe just fine. I suspect what you are seeking is official support so openscap can get security support, therefore USNs, therefore cvescan can get snap USN notifications. In terms of an existing stable release, IIRC it is not possible to adjust the override for something in the release pocket, but that is ok: if this is approved then with the first upload to -security we can adjust the override for that source and binary (we could do the same for an SRU to -updates). In terms of the snap USN service, it doesn't care where the package resides; it just cares that there is a USN.
As for which release, cvescan could certainly be ported to 'base: core20', but as of today, core20 is not released yet (there are snaps, but UC20 (and therefore the core20 snap) hasn't been declared officially released yet, so it probably makes sense to hold off on porting. That said, since it doesn't seem like there are any open CVEs yet so I suggest proceeding with this MIR with groovy and focal in mind and porting later. If you still need core18, I then suggest also going back to bionic. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1877696 Title: [MIR] openscap To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openscap/+bug/1877696/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
