feat: add message about mirror when nvd is down #3547
Comments
|
Yes, it would be great, because the user does not know what is behind the curtain. :) |
|
hey @terriko , I would like to take on this issue. Could you please guide a bit on how to get started with it. |
|
A quick way to start:
I think it generates a request network timeout error or something similar. Make sure whatever you do doesn't break whatever we have in place to do retries and only happens after we've given up on those. This likely isn't a super easy bug so be prepared for it to be confusing! We also have a vague intention of standardizing the network libraries we use to all be requests, so if switching to requests right now makes your job easier don't be afraid to go that route. |
|
Hey @ayushthe1, are you working on this? |
Yes @Dev-Voldemort , I'm working. Will open a PR in few days on it. Was busy in my exams, so have been late on it. 😀 |
|
any update ?? |
|
@terriko I am taking this issue |
@torabi12 posted a really interesting screenshot of what it looked like when NVD API2 failed while NVD was down:
Originally posted by @torabi12 in #3541 (comment)
We should really make it easier for people to find out that if NVD is down they could fail over to the https://cveb.in mirror. I'd suggest if we have any sort of network failure with NVD that fails completely (e.g. do let it actually retry appropriately before failing over) we should print a big warning message explaining that NVD appears to be down and we're reverting to the mirror, then do that.
We should also update our documentation to make sure we explain how to switch to the mirror if you're having other weirdness with NVD (it happens sometimes, and is likely to happen more as they do some technical changes in December). The answer is you have to remove your NVD_API_KEY from your config/environment/command line flags, and I don't think that's terribly obvious.
The text was updated successfully, but these errors were encountered: