Date: Mon, 12 May 2025 08:54:45 +0200 From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@FreeBSD.org> To: Dewayne Geraghty <dewayne@heuristicsystems.com.au> Cc: questions@freebsd.org Subject: Re: CPE as a consistent element of pkg annotations Message-ID: <86ikm6s4i2.fsf@ltc.des.dev> In-Reply-To: <1b98ae6a-d0b0-496d-a32a-3202f41244dd@heuristicsystems.com.au> (Dewayne Geraghty's message of "Mon, 12 May 2025 16:21:13 %2B1000") References: <72b26605-50ac-41c5-aca0-aaf93f091436@heuristicsystems.com.au> <86msbis8e2.fsf@ltc.des.dev> <1b98ae6a-d0b0-496d-a32a-3202f41244dd@heuristicsystems.com.au>
index | next in thread | previous in thread | raw e-mail
Dewayne Geraghty <dewayne@heuristicsystems.com.au> writes: > Dag-Erling Smørgrav <des@FreeBSD.org> writes: > > No, because we can't just make up CPEs. > I suspect you're conflating CPE with a CVE. The CPE is a construct > defined in the /usr/ports/Mk/Uses/cpe.mk file. Do me a favor and run `git log` on that file. And then maybe check who was Security Officer at the time it was added to the ports tree. DES -- Dag-Erling Smørgrav - des@FreeBSD.orghome | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86ikm6s4i2.fsf>