amahajan | Hello everyone! | 21:56 |
---|---|---|
amahajan | I hope you are doing well. | 21:56 |
amahajan | I am trying to understand what is the right source for consuming the OVAL feed for Ubuntu vulnerability data. | 21:56 |
amahajan | We use Quay Clair for scanning and it uses the feed from https://people.canonical.com/~ubuntu-security/oval/ | 21:56 |
amahajan | (https://github.com/quay/claircore/blob/main/ubuntu/updater.go#L18-L21) | 21:56 |
amahajan | This does not match the source mentioned on the Ubuntu OVAL page | 21:56 |
amahajan | https://people.canonical.com/~ubuntu-security/oval/HEADER.html | 21:56 |
amahajan | What is the difference between these two sources? | 21:56 |
sarnold | hrmph, I guess the redirect on https://people.canonical.com/~ubuntu-security/oval/ wasn't enough to redirect requests for the ovals themselves.. there's still files there, but they haven't been updated since November. | 22:03 |
amahajan | Okay. So it seems the previous link should no longer be used. | 22:19 |
sarnold | yeah; are you on the bug report, or shall I file it? | 22:21 |
amahajan | I can. I am not sure which is the right place to file it though | 22:22 |
sarnold | me neither, but if you click the three dots on the left side of the github link, that'll give a popup with a "reference in new issue" link that will probably do the right thing | 22:23 |
amahajan | I can raise an issue for Clair. I am not sure what the fix is for the old feed - people.canonical.com | 22:28 |
amahajan | And where can I file it. | 22:29 |
amahajan | I feel the data should be removed from the link so that customers consuming it start failing instead of assuming that the data represents the latest vulnerability feed. | 22:29 |
sarnold | yeah, I did briefly think about just deleting them all :) before wondering what *that* would break.. heh | 22:31 |
amahajan | Yeah. makes sense. but in this case - it may be better to let things break maybe. :) | 22:32 |
sarnold | maybe | 22:33 |
amahajan | Thank you for your reply!! It helped me understand some discrepancies I was observing. | 23:08 |
sarnold | amahajan: thanks :) I hadn't realized we weren't generating these things for a few months, heh | 23:12 |