ikeydoherty
commented
9 years ago You mean where we opt not to address a CVE?
Closed johnwhiteman closed 9 years ago
ikeydoherty
commented
9 years ago You mean where we opt not to address a CVE?
johnwhiteman
commented
9 years ago Yes. I got ping'd on this today. There will be cases when CVEs may have patches available but we decided not to do it. Maybe this is not the tool but elsewhere where we track our decision and the state is set accordingly.
From: Ikey Doherty [mailto:notifications@github.com] Sent: Tuesday, April 28, 2015 1:30 PM To: ikeydoherty/cve-check-tool Cc: Whiteman, John L Subject: Re: [cve-check-tool] Ignore Patches State (#8)
You mean where we opt not to address a CVE?
— Reply to this email directly or view it on GitHub https://github.com/ikeydoherty/cve-check-tool/issues/8#issuecomment-97198985 . https://github.com/notifications/beacon/ALGQ_T2aM7Ry9fMdLvkziukXYgFZEc2Tks5oD-VVgaJpZM4EK_v_.gif
ikeydoherty
commented
9 years ago We've already got that, just create a cve-xxxx-xxxx.nopatch file :)
johnwhiteman
commented
9 years ago This is complete now. New status state added. Now reflected in html report.
How do we want to handle cases where patches exist but we don't plan to use them for whatever reason? This is another state that should be added for tracking purposes.