[openstack-dev] [Security] Would people see a value in the cve-check-tool? (Reshetova, Elena)

Reshetova, Elena elena.reshetova at intel.com
Thu Aug 6 15:58:54 UTC 2015


> I guess it depends on whether the tool needs to read the entire database
to perform its queries (in which case using AFS would be basically the same
as downloading).

I am including below the reply from Michael, cve-check-tool maintainer, and
also including him in this conversation.

" Right now we force-update the database every 4 hours as this is roughly
how often the NVD DB is centrally updated with new/modified entries.

This behaviour can be disabled, and cve-check-update can be run to manually
update. We download all of the NVD XML feeds and convert them into a local
sqlite3 database for faster usage.

What you're proposing sounds more like making cve-check-tool run as a
Security As A Service setup, which is feasible. Would they be hosting
internal copies of the XML feeds or prefer a central remote DB to be used
here?"

-----Original Message-----
From: Jeremy Stanley [mailto:fungi at yuggoth.org] 
Sent: Wednesday, August 5, 2015 10:16 AM
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] [Security] Would people see a value in the
cve-check-tool? (Reshetova, Elena)

On 2015-08-05 09:54:52 -0700 (-0700), Clint Byrum wrote:
> Doesn't this feel like a job for AFS? Maintain the db there, and let 
> the nodes access it as-needed?

I guess it depends on whether the tool needs to read the entire database to
perform its queries (in which case using AFS would be basically the same as
downloading).
--
Jeremy Stanley

__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 7586 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150806/c32cc961/attachment.bin>


More information about the OpenStack-dev mailing list