[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Overview of CSAF web sites
Colleagues,
to get an overview of the TC's work and available information, I browsed the public web sites and tried to gather all links. It wasn't easy for me to understand the current state of CSAF, and this is due to quite a lot of different Github repositories and confusing/outdated information in various places.
I would hope that it will be easier for other interested parties to get into CSAF more quickly if we clean up the current state.
In the following I will show you what I found, and I added some comments and suggestions for improvement to some of the locations.
Github:
â CSAF web site: https://oasis-open.github.io/csaf-documentation/
â It is not clear that this web site belongs to CSAF, as the terms CVRF and CSAF are used in a confusing way:
 The site's title is "CSAF CVRF 1.2"
 Prominent link to "CVRF 1.2 Spec Doc"
 Paragraph about "CVRF Adoption"
â Github project for web site: https://github.com/oasis-open/csaf-documentation/
-> We should clean this site to make clear that the next version will be CSAF 2.0 based on the previous XML-based spec CVRF 1.2
â TC's main Github repository: https://github.com/oasis-tcs/csaf
â Contains major work of TC: the JSON schema and examples
â Many old artifacts in repository
-> This should be cleaned up. Analysis and suggestions are below [1]
â CSAF parser: https://github.com/oasis-open/csaf-parser
â What is the current state here? It seems to be only a CVRF parser, as it does not have references to JSON in its code
-> Add prominent statement in README of repository to make this clear?
â External web site: https://github.com/TIBCOSoftware/vulnrep
â CVRF/CSAF importer/exporter by Eric
Google Docs:
â Draft spec: https://docs.google.com/document/d/1Dk7kslzyX6UDueFXWE4Cz6Erp3oSWuqQ5kHaV_JuApM
â TODO: https://docs.google.com/document/d/1jB-XH6GX79zfOWtV-QasbNjsD9V91Qjjl1PkX10kCZ0
Please tell me if I missed some places.
I propose to talk about my suggestions in the meeting tomorrow!
Best regards,
Tobi
[1]
Detailed analysis of the main Github repo:
â /artifact_linkage
 Proposal from Stefan Hagen in 2016 to streamline committee work
-> Is this still current? Do we need to keep it?
â /cvrf_1.2
 Old CVRF spec
â /issue_processing
 Another proposal from Stefan Hagen in 2016 to streamline committee work
-> Is this still current? Do we need to keep it?
â /meeting_minutes
 Minutes from TC meetings (latest from 10 months ago)
â /sandbox
 ./CVRF_repositories.md
â Contains list of CVRF repositories -> should be moved to /cvrf_1.2
 ./csaf_2.0/
-> Contains major work for CSAF 2.0. We should move this directory to the root of the repository
â ./Cvrf_1_2_errata.md
 Erratas for CVRF 1.2 -> should be moved to /cvrf_1.2
â ./cvrf_1_2_doc_elements.png
 Some graph from the CVRF spec -> delete?
â ./json_schema/
 ./csaf_json_schema.json
â Draft JSON schema for CSAF 2.0
 ./CVE-2018-0171-modified.json, ./cvrf-rhba-2018-0489-modified.json
â Examples for CSAF 2.0
-> Move examples to 'examples' directory inside /csaf_2.0, rename them in a consistent way?
 ./NOTES.md
â Open issues in the draft
â Duplicate of https://docs.google.com/document/d/1jB-XH6GX79zfOWtV-QasbNjsD9V91Qjjl1PkX10kCZ0 ?
-> Do we want to merge both documents?
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]