In order to use conda-forge inside a corporate environment we require a curated page listing known or fixed vulnerabilities. I can’t seem to find one. Can somebody help?
Here’s an example - PostgreSQL: Security Information
Can you describe what you really like to see here? The page you linked is for a software product, not a distribution of software. You will find the CVEs for every package probably upstream with the software products themselves.
The link for Postgres in my original post is typical of the advisory expected from an open-source software site. Doesn’t conda-forge have some standard of what is expected of distributions hosted within it?
As said before, Postgres is a software itself whereas conda-forge is a distribution of software but not a software on its own. Thus I would expect a page for conda-forge to simply refer to the Postgres page.