Eduardo Barretto

We are considering now the noble profile ready. Note that it will only land in version 0.1.77. Let us know in case of issues.

> It seems that `linux-oracle-5.15` shows in a lot of Ubuntu CVEs. This makes the query take a long time. [Each CVE](https://osv.dev/list?q=linux-oracle-5.15&ecosystem=Ubuntu) also lists information about a lot of other...

> Hey @dodys, while implementing a fix for these queries, I noticed that > > ``` > $ curl -d '{"package": {"name": "linux-oracle-5.15", "ecosystem": "Ubuntu:20.04:LTS"}, "version": "5.15.0-1065.71~20.04.1"}' "https://api.osv.dev/v1/query" > ```...

I honestly don't like the name `upstream` in this context. Not all vulnerabilities is targeted to upstream projects. We do have vulnerabilities that are reported in specific ecosystems and specific...

> > In that example, I think that's what `aliases` is for, if I'm understanding correctly, where the CVE and the Ubuntu advisory affect the same set of software. >...

@evgenyz fyi

> Can you please check what `xmlsec1 --verify --id-attr component --id-attr data-stream simple_ds_valid_sign.xml` does? ``` $ xmlsec1 --verify --id-attr component --id-attr data-stream tests/DS/signed/simple_ds_valid_sign.xml Verification status: FAILED Failure reason: KEY-NOT-FOUND Error:...

> Also worth trying: `xmlsec1 --verify --enabled-key-data rsa --enabled-key-data key-value --id-attr component --id-attr data-stream simple_ds_valid_sign.xml` ``` $ xmlsec1 --verify --enabled-key-data rsa --enabled-key-data key-value --id-attr component --id-attr data-stream tests/DS/signed/simple_ds_valid_sign.xml Verification status:...

OpenSCAP 1.4.3 is not shipped in any Ubuntu (or Debian) release so far, therefore we have no intention or buffer to work on this at the moment. I would proposed...

@pietro028 have you tried with the latest version 0.1.77? is this issue still happening?