FS#72083 - arch-audit: report per-package CVEs in stable order

Attached to Project: Community Packages
Opened by gesh (gesh) - Thursday, 09 September 2021, 13:12 GMT
Last edited by Levente Polyak (anthraxx) - Sunday, 12 September 2021, 19:00 GMT
Task Type Feature Request
Category Packages
Status Closed
Assigned To Christian Rebischke (Shibumi)
Levente Polyak (anthraxx)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description: `arch-audit` (as of version 0.1.20) doesn't preserve CVE order
between invocations. This leads to annoyances -- e.g. one of my sources of
security news is to keep a log of the current CVEs and diff it against
`arch-audit`'s output. Since the order isn't stable, I get spurious changes.

(My script essentially outputs
```
git diff --no-index --word-diff "$cve_db" <(arch-audit --format '%t s %n: %c' | sort)
```
)

Steps to reproduce: Unclear. Noticed it in particular today with an update that
just permuted the `linux` errors without changing them.

Closed by  Levente Polyak (anthraxx)
Sunday, 12 September 2021, 19:00 GMT
Reason for closing:  Upstream
Additional comments about closing:  Please report this bug in the upstream bug tracker. Thank you.
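
A possible workaround on the consumer side, as an added example that is not part of the original report or of `arch-audit` itself: canonicalize the order of the CVE ids within each line before diffing, so a permuted list no longer shows up as a change. The helper name `normalize_cves`, the `, ` separator it re-emits, and the sample lines in the comment are assumptions made for this sketch.

```shell
#!/bin/sh
# normalize_cves: read report lines on stdin, sort the CVE ids found on each
# line, then sort the lines themselves. Hypothetical helper, not an
# arch-audit feature.
# Constructed sample input (placeholder ids, not real advisories):
#   High s linux: CVE-0000-0002, CVE-0000-0001
#   Low s curl: CVE-0000-0003
normalize_cves() {
    awk '
    {
        n = 0; rest = $0; prefix = ""
        # Collect every CVE id; text before the first id is kept as prefix.
        while (match(rest, /CVE-[0-9]+-[0-9]+/)) {
            if (n == 0) prefix = substr(rest, 1, RSTART - 1)
            ids[++n] = substr(rest, RSTART, RLENGTH)
            rest = substr(rest, RSTART + RLENGTH)
        }
        # No CVE ids on this line: pass it through unchanged.
        if (n == 0) { print; next }
        # Insertion sort (string order); portable to awk without asort().
        for (i = 2; i <= n; i++) {
            v = ids[i]
            for (j = i - 1; j >= 1 && ids[j] > v; j--) ids[j + 1] = ids[j]
            ids[j + 1] = v
        }
        # Re-emit prefix, sorted ids, and any text after the last id.
        line = prefix
        for (i = 1; i <= n; i++) line = line (i > 1 ? ", " : "") ids[i]
        print line rest
    }' | LC_ALL=C sort   # fixed collation so line order is locale-independent
}
```

In the script from the report, `| sort` would become `| normalize_cves`; the stored log has to be passed through the same function once so both sides of the diff use the same ordering.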
