Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

discussion: feature wishlist brainstorming #2947

Closed
terriko opened this issue Apr 26, 2023 · 1 comment
Closed

discussion: feature wishlist brainstorming #2947

terriko opened this issue Apr 26, 2023 · 1 comment
Labels
discussion Discussion thread or meeting minutes that may not have any trivially fixable code issues associated

Comments

@terriko
Copy link
Contributor

terriko commented Apr 26, 2023

We didn't get to discuss this too much during this morning's meeting (we had a lot to talk about on CI and NVD challenges, particularly around a bug @anthonyharrison found in our API2 code and ongoing availability issues), so I'm going to just open a thread here. We might resume the discussion in our May meeting.

This is a place to brainstorm new cve-bin-tool ideas or revisit ones that we haven't worked on yet. They don't have to be good ideas or even feasible ideas yet, it's mostly a chance to discuss. Some of these might be viable for our summer release (no date yet but usually partway through the GSoC term), some may be longer-term ideas.

Some things that are already on our radar (but you can discuss further below):

  • NVD mirroring:
    • We've got a sandbox area in a separate org here: https://github.com/orgs/sec-data/repositories (ping me if you want your own sandbox and/org access to the org)
    • @b31ngd3v has got some initial data export code already merged in main and an open pull request to add signing feat: add support for pgp signing (#2577) #2882 (signing was requested by the folk who'll be hosting the mirrors -- they just want to be able to prove that they mirrored what we have exactly)
    • We know we're pushing up on the deadlines for when NVD is going to turn off the "legacy" systems (September... ish?)
  • All the gsoc projects. We're not allowed to give any hints that might indicate what projects have been ranked so assume for now that everything is in scope and we'll wait for the Google announcement on May 4 before we go into plans around those.
    • One exception: we had a few ideas that got 0 applicants, so some of those might get released into the bug pool a bit early while the hackathon folk are looking for self-contained issues to work on.

So... what do you think might be interesting to do with cve-bin-tool? What bugs you right now?
@terriko terriko added the discussion Discussion thread or meeting minutes that may not have any trivially fixable code issues associated label Apr 26, 2023
@terriko
Copy link
Contributor Author

terriko commented Apr 17, 2024

We're about due for a new annual discussion on this, so I'm going to go ahead and close this older thread and a new one will likely pop up in conjunction with a monthly meeting!

@terriko terriko closed this as completed Apr 17, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
discussion Discussion thread or meeting minutes that may not have any trivially fixable code issues associated
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@terriko