And a blockchain helps to solve which part of the problem? Some were working on mirroring all data to a git repository. In theory, that allows for easy access on all the data, versioning (with commits) and - through forks and merge requests - collaboration and distribution. Also git is a distributed repository that clones the whole history to your local drive.
github.com/…/mitre-cve-database
But with the announcement of the cve foundation, I don’t know whether they will really import all the data in this git repository.
echodot@feddit.uk 4 weeks ago
Oh yes blockchain the solution to the world’s problem. Provided the world’s problem is that the current solution works too well and we don’t like that.
We need to back this data up but that doesn’t require anything anywhere near as complicated and over-engineered as blockchain, we can just have something as simple as multiple servers.
giacomo@lemm.ee 4 weeks ago
That works too, but who controls the servers, and how is the authority handled? Backing up the data is one thing, and that can be easily done I believe. But what about for future advisories? They are published via one of the authoritative servers and synced to the other authoritative servers? How is that information verified to ensure bad actors aren’t publishing bullshit information?
I don’t think blockchain is necessarily the answer. The whole thing can just be done with signing keys, yeah?
I know everyone hates on blockchain, but I think its kinda neat and would like to see some cool applications with it one day.
echodot@feddit.uk 4 weeks ago
That’s an easy problem to solve you just hash the database. Blockchain is good at solving the problem when you don’t have a reliable Central authority but if you do have a reliable Central authority there’s no point adding blockchain to it.
And we already have the reliable central authority, we have the original database.
valkyrieangela@lemmy.blahaj.zone 4 weeks ago
Doesn’t block chaining a massive database like this also open the doors for bad actors to insert BS entries to the chain, or making illegitimate copies of the chain and redistributing them as a “genuine” copy? My understanding is that the chain may be genuine but the human readable data attached to it could be falsified, so it may be unique but it would be useless or malicious.