Alexander Tereschenko

@tvyavaha, did you by any chance run your original attempts behind a proxy? You mentioned switching between networks, but just in case - was there one where HTTPS connections are...

Let me see if I understand this correctly. By "reran the command without using a proxy", do you mean that you've used a network with direct Internet connection, where no...

Ok, thank you. Indeed then it looks like we have a common root cause here and that is the lack of proxy support for the EPSS source, which should be...

Thank you and yes, I think there's certainly value in being able to disable the EPSS source, so that other fix is much appreciated as well!

I see the same problem when using CycloneDX output format as well, so it's either not limited to SPDX only as investigated previously, or that may be a format parser...

Sure, thank you. Let me come up with a reproducer in the next few days and put it into a separate issue.

Reported separately as #4184.

Looking at the https://github.com/systemd/systemd/blob/0a2fcbd2eefe2257f622576e1f9f15608a3b6e19/src/libsystemd/sd-bus/bus-convenience.c#L533 function listed by @jmbills as the culprit, I see it actually checks for process capabilities first, only then resorts to simplified E/UID checks. So probably capabilities...

> Would it help to use systemd-nspawn to help isolate processes? This looks like yet another containerization solution. While it would indeed provide the `root` powers isolation, would it really...