You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This is correct! build 757 is earlier than build 10472. However, if we're comparing Centos8 artifacts against RHEL8 data (which we do), than it is incorrect, because the build numbers are not comparable.
In other words, when comparing module build numbers within RHEL itself, build number is potentially an important part of the version number. However, when comparing across clones (e.g. RHEL to centOS), the build number is not a valid part of the comparison.
We should investigate two different courses of action:
For the RHEL clones that we compare to RHEL vulnerabilities, we should examine whether they have a reliable vuln feed we can use instead
We should change Grype code so that the version comparison is aware of whether it is comparing across clones
Consider two version numbers:
This is correct! build 757 is earlier than build 10472. However, if we're comparing Centos8 artifacts against RHEL8 data (which we do), than it is incorrect, because the build numbers are not comparable.
In other words, when comparing module build numbers within RHEL itself, build number is potentially an important part of the version number. However, when comparing across clones (e.g. RHEL to centOS), the build number is not a valid part of the comparison.
We should investigate two different courses of action:
Originally posted by @willmurphyscode in #2375 (comment)
The text was updated successfully, but these errors were encountered: