cvechecker

feature request: use sqlite for acknowledgements/reporting

Open cwarner-mdsol opened this issue 9 years ago • 2 comments

So I'm using sqlite and wondering if it'd make our jobs easier by storing the affected binaries/packages in a db to keep track of what is acknowledged/unacknowledged on the system instead of having to care about the stylesheet. We'd probably have to rewrite cvereport; obviously we could try to keep it compatible, but it'd make report processing much easier. For instance, a brief example use case would be something like:

Usage: cvereport -d <reportdirectory> <acknowledgements>
       cvereport -d <reportdirectory> <CVEYEAR> <VERSION> <HOST> 
       cvereport --acknowledge <CVEID> --score 5.0 (where the CVSS score is greater than 5.0)
       cvereport --acknowledge <[FILE LIST]>
       cvereport --reset <CVEID> (where a CVEID is marked unacknowledged)

Or something along those lines. There is an argument that you can just run a cvechecker -r -C, pipe this output to whatever CSV parser and then do things based on that, but then that's pretty much a report. There are probably a couple of default cases we can come up with for the report, but I need to write this functionality for a testing harness I wrote, so any feedback you have here would be great!

Aug 10 '15 14:08 cwarner-mdsol
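A sketch of the SQLite-backed acknowledgement store proposed above, added here as an illustration; it is not code from cvechecker or from either commenter. The table layout, function names and sample rows are assumptions, and `--score` is read as "CVSS greater than the given value".

```python
import sqlite3

SCHEMA = """CREATE TABLE IF NOT EXISTS findings (
    host TEXT NOT NULL, path TEXT NOT NULL, cve TEXT NOT NULL, cvss REAL NOT NULL,
    acknowledged INTEGER NOT NULL DEFAULT 0,
    PRIMARY KEY (host, path, cve))"""

# Constructed sample rows (host, file, CVE id, CVSS); the CVE ids are placeholders.
SAMPLE = [("web01", "/usr/bin/foo", "CVE-0000-0001", 7.5),
          ("web01", "/usr/lib/libbar.so", "CVE-0000-0001", 7.5),
          ("web01", "/usr/bin/baz", "CVE-0000-0002", 4.3)]

def open_store(db=":memory:"):
    conn = sqlite3.connect(db)
    conn.execute(SCHEMA)
    return conn

def record(conn, rows):
    """Store scan results; a re-scan never clears existing acknowledgements."""
    conn.executemany("INSERT OR IGNORE INTO findings (host, path, cve, cvss) "
                     "VALUES (?, ?, ?, ?)", rows)
    conn.commit()

def acknowledge(conn, cve=None, min_score=None, files=None):
    """Acknowledge findings matching every filter given; returns rows updated."""
    where, args = [], []
    if cve is not None:
        where.append("cve = ?")
        args.append(cve)
    if min_score is not None:
        where.append("cvss > ?")
        args.append(min_score)
    if files:
        where.append("path IN (%s)" % ",".join("?" * len(files)))
        args.extend(files)
    if not where:  # an empty filter would silently acknowledge every finding
        raise ValueError("at least one filter is required")
    cur = conn.execute("UPDATE findings SET acknowledged = 1 WHERE "
                       + " AND ".join(where), args)
    conn.commit()
    return cur.rowcount

def reset(conn, cve):
    """Mark every finding for a CVE id as unacknowledged again."""
    cur = conn.execute("UPDATE findings SET acknowledged = 0 WHERE cve = ?", (cve,))
    conn.commit()
    return cur.rowcount

def unacknowledged(conn):
    """Open findings, highest CVSS first: what a report would list."""
    return conn.execute("SELECT host, path, cve, cvss FROM findings "
                        "WHERE acknowledged = 0 ORDER BY cvss DESC, path").fetchall()
```

Keying the table on (host, path, cve) is what lets a repeated scan be recorded without losing acknowledgement state, which the XML stylesheet approach had to track separately.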

I think using sqlite for this would be great. I originally used the XMLs because the company for which I wrote could easily generate that, whereas using other formats was less fruitful. However, they don't use the acknowledgements anymore.

I don't mind if we don't keep compatibility as long as there is a simple migration possible (or compatibility for one release and marking it deprecated).

Aug 10 '15 17:08 sjvermeu

Sounds reasonable. I'll try to mock up something in the next couple of days.

Aug 10 '15 17:08 cwarner-mdsol