Harsh Mishra

Hi @derailed do you need a maintainer for Linux packages ?

nice

First draft for importer published.

May I work on this issue I have gotten a rough Idea about how advisories are being imported. Please see @ziadhany and @TG1999

Sure @pombredanne I'll be asking wherever I get stuck

Hi @pombredanne , I had problem figuring out the purl for glibc from glibc. I had a look at [https://github.com/package-url/purl-spec](https://github.com/package-url/purl-spec) I came up with `pkg:generic/glibc@version?commit=commit-id` may I proceed with it...

@siddhesh and @pombredanne I wrote a sample parser to parse advisories at [https://sourceware.org/git/?p=glibc.git;a=tree;f=advisories;h=a0872e990274aee4d881508dad1bce3ea49d4d07;hb=HEAD](https://sourceware.org/git/?p=glibc.git;a=tree;f=advisories;h=a0872e990274aee4d881508dad1bce3ea49d4d07;hb=HEAD) Please check the format, this will be adapted to AdvisoryData in final importer ``` def parse_advisory(file): """...

> @harsh098 re: > > > I wrote a sample parser to parse advisories at https://sourceware.org/git/?p=glibc.git;a=tree;f=advisories;h=a0872e990274aee4d881508dad1bce3ea49d4d07;hb=HEAD > > Can you push this in a branch with some tests? Since there...

Also, I wanted to ask @pombredanne how do you fetch the tags in the `VCSResponse` class as this would be very valuable in determining affected versions for versions like `pre-2.39`...

> @harsh098 Please start a PR early, even if this is only for the parser. We cannot review code otherwise. That's the FOSS way! If anything that will help us...