[debian][CPE] declaration of Debian CPE entry to MITRE

Raphael Hertzog hertzog at debian.org
Thu Jun 15 14:58:41 UTC 2017


On Thu, 15 Jun 2017, phil at reseau-libre.net wrote:
> For Debian kfreebsd, I don't know if a separate CPE is effectively required
> or not. As far as I know, it would be easier to keep one reference, but the
> official CPE defines "debian_linux"
> (cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*).

I don't know either... keep in mind that Debian k/FreeBSD never released
as an officially supported architecture. It was once "technology preview"
in squeeze, then not really part of jessie (available separately), and
entirely absent in stretch.

Is it really important to have a CPE for an unsupported OS?

> > 9.0 (stretch) is not yet out so it would be a bit early to have it
> > recorded already, no?
> 
> Agreed. If it takes some time between the release of stretch and an official
> CPE declaration, I can define one in the SCAP-security-guide directly, as a
> local CPE dictionary, as it is accepted by the standard.

I don't know if there's such a requirement and if it takes time, you
should ask the security team if you want to be sure. It's just my
assumption.

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: https://www.freexian.com/services/debian-lts.html
Learn to master Debian: https://debian-handbook.info/get/


