@@ -2017,7 +2017,8 @@ By default it determines the PyPI package name based upon BPN (stripping the
need to set it manually in the recipe by setting :term:`PYPI_PACKAGE`.
Variables set by the ``pypi`` class include :term:`SRC_URI`, :term:`SECTION`,
-:term:`HOMEPAGE`, :term:`UPSTREAM_CHECK_URI`, and :term:`UPSTREAM_CHECK_REGEX`.
+:term:`HOMEPAGE`, :term:`UPSTREAM_CHECK_URI`, :term:`UPSTREAM_CHECK_REGEX`
+and :term:`CVE_PRODUCT`.
.. _ref-classes-python_flit_core:
@@ -1516,7 +1516,9 @@ system and gives an overview of their function and contents.
In a recipe, defines the name used to match the recipe name
against the name in the upstream `NIST CVE database <https://nvd.nist.gov/>`__.
- The default is ${:term:`BPN`}. If it does not match the name in the NIST CVE
+ The default is ${:term:`BPN`} (except for recipes that inherit the
+ :ref:`pypi <ref-classes-pypi>` class where it is set based upon
+ :term:`PYPI_PACKAGE`). If it does not match the name in the NIST CVE
database or matches with multiple entries in the database, the default
value needs to be changed.