/srv/irclogs.ubuntu.com/2022/02/24/#ubuntu-security.txt

=== arif-ali_ is now known as arif-ali
=== arif-ali_ is now known as arif-ali
=== mirespace_ is now known as mirespace
=== arif-ali_ is now known as arif-ali
amahajanHello everyone!21:56
amahajanI hope you are doing well.21:56
amahajanI am trying to understand from what is the right source for consuming the OVAL feed for ubuntu vulnerability data.21:56
amahajanWe use Quay Clair for scanning and it uses the feed from https://people.canonical.com/~ubuntu-security/oval/21:56
amahajan (https://github.com/quay/claircore/blob/main/ubuntu/updater.go#L18-L21)21:56
amahajanThis does not match the source mentioned on the Ubuntu OVAL page21:56
amahajanhttps://people.canonical.com/~ubuntu-security/oval/HEADER.html21:56
amahajanWhat is the difference between these two sources?21:56
sarnoldhrmph, I guess the redirect on https://people.canonical.com/~ubuntu-security/oval/ wasn't enough to redirect requests for the ovals themselves.. there's still files there, but they haven't been updated since november.22:03
amahajanOkay. So it seems the previous link should no longer be used.22:19
sarnoldyeah; are you on the bug report, or shall I file it?22:21
amahajanI can. I am not sure which is the right place to file it though22:22
sarnoldme neither, but if you click the three dots on the left side of the github link, that'll give a popup with a "reference in new issue" link that will probably do the right thing22:23
amahajanI can raise an issue for Clair. I am not sure how what the fix is for the old feed - people.canonical.com22:28
amahajanAnd where can I file it.22:29
amahajanI feel the data should be removed from the link so that customers consuming it start failing instead of assuming that the data represents the latest vulnerability feed.22:29
sarnoldyeah, I did briefly think about just deleting them all :) before wondering what *that* would break.. heh22:31
amahajanYeah. makes sense. but in this case - it may be better to let things break maybe. :)22:32
sarnoldmaybe22:33
amahajanThank you for your reply!! It helped me understand some discrepancies I was observing.23:08
sarnoldamahajan: thanks :) I hadn't realized we weren't generating these things for a few months, heh23:12

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!