[LEDE-DEV] [RFC] adding CPE IDs to package Makefiles
Jo-Philipp Wich
jo at mein.io
Sun Oct 1 06:24:45 PDT 2017
Hi,
> Can't we just take the version from the PKG_VERSION entry and provide a
> way to overwrite it with some other variable in case the CVE database
> uses a different version number format?
yes, I was thinking something similar, like using
$(PKG_CPE):$(PKG_VERSION) if there is no version included already.
But I have not yet investigated if that would work in all cases, if the
version numbers are usable as-is etc.
> We could check if this version number is available in the CVE database
> and warn the user if this is not the case, but we could probably cover
> 90% of the packages.
Yes, assuming that we do get the versions properly included.
~ Jo
More information about the Lede-dev
mailing list