cisagov / vulnrichment

A repo to conduct vulnerability enrichment.
Creative Commons Zero v1.0 Universal

Multiple empty commits #34

Closed ncrocfer closed 4 months ago

ncrocfer commented 4 months ago

🐛 Summary

Multiple empty commits in the git history.

To reproduce

Hi everyone,

First of all, thank you for this repository! The lack of data from the NVD is complicated for vulnerability management solutions and the work you do with this repository is really appreciated 👍

We noticed a lot of empty commits in this repository. I think one of your schedulers creates commits each hour, even if no change has been detected.

It's not really annoying for automatic parsers, we just have to check if the commit contains "something" new or updated, but the real issue is about the git history, which becomes complicated to read.

It seems right now 80 commits out of 130 are empty (based on this command). Is it intentional?

Expected behavior

Create a commit when a new CVE is created or a change in an existing CVE is detected.

jwoytek-cisa commented 4 months ago

@ncrocfer excellent catch! Thank you for this report! It is actually not intentional--as we moved to fully automated repository updates, the automation was happily creating empty commits when there were no updated files to push. This is annoying and can cause more headaches for people and machines looking for changes. I'm making updates to the script now and will have those live in a little while. That won't fix the existing empty commits, but we shouldn't see any moving forward.

ncrocfer commented 4 months ago

Great! Thanks for your prompt answer @jwoytek-cisa 👍
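
The two checks discussed in this thread, as an added example that is not part of the original issue and is not the project's update script: one function lists commits that changed no files, the other commits only when something is actually staged. The function names `list_empty_commits` and `commit_if_changed` are hypothetical, and the command linked in the report is not reproduced on this page, so this is one possible way to get the same count.

```shell
#!/bin/sh
# Added example: hypothetical helpers, not the vulnrichment automation.

# Print the hash of every non-merge commit reachable from HEAD whose tree is
# identical to its parent's tree, i.e. a commit that changed no files.
# Usage: list_empty_commits /path/to/repo | wc -l
list_empty_commits() {
    repo=$1
    git -C "$repo" rev-list --no-merges HEAD | while read -r c; do
        tree=$(git -C "$repo" rev-parse "$c^{tree}")
        # A root commit has no parent: compare it with git's empty tree.
        ptree=$(git -C "$repo" rev-parse --quiet --verify "$c^^{tree}") \
            || ptree=$(git -C "$repo" hash-object -t tree /dev/null)
        if [ "$tree" = "$ptree" ]; then
            echo "$c"
        fi
    done
}

# Stage all changes, then commit only when the index differs from HEAD.
# Returns 0 if a commit was created, 1 if there was nothing to commit.
commit_if_changed() {
    repo=$1
    msg=$2
    git -C "$repo" add -A
    # `git diff --cached --quiet` exits 0 when nothing is staged, so a
    # scheduled job can stop here instead of recording an empty commit.
    if git -C "$repo" diff --cached --quiet; then
        return 1
    fi
    git -C "$repo" commit -q -m "$msg"
}
```

A scheduled job would call `commit_if_changed` and push only when it returns 0, which keeps the history limited to commits that carry a new or updated record.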