Comment # 3 on bug 1190861 from Marcus Meissner

https://ftp.suse.com/pub/projects/security/oval/

now has https://ftp.suse.com/pub/projects/security/oval/opensuse.tumbleweed.xml

for the vulnerability (CVE <-> RPM) OVAL XML.

as we do not support "patch" style updates for tumbleweed, the -patch.xml is
not that useful, but is also generated.