[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Overview of CSAF web sites
Colleagues, to get an overview of the TC's work and available information, I browsed the public web sites and tried to gather all links. It wasn't easy for me to understand the current state of CSAF, and this is due to quite a lot of different Github repositories and confusing/outdated information in various places. I would hope that it will be easier for other interested parties to get into CSAF more quickly if we clean up the current state. In the following I will show you what I found, and I added some comments and suggestions for improvement to some of the locations. Github: â CSAF web site: https://oasis-open.github.io/csaf-documentation/ â It is not clear that this web site belongs to CSAF, as the terms CVRF and CSAF are used in a confusing way:  The site's title is "CSAF CVRF 1.2"  Prominent link to "CVRF 1.2 Spec Doc"  Paragraph about "CVRF Adoption" â Github project for web site: https://github.com/oasis-open/csaf-documentation/ -> We should clean this site to make clear that the next version will be CSAF 2.0 based on the previous XML-based spec CVRF 1.2 â TC's main Github repository: https://github.com/oasis-tcs/csaf â Contains major work of TC: the JSON schema and examples â Many old artifacts in repository -> This should be cleaned up. Analysis and suggestions are below [1] â CSAF parser: https://github.com/oasis-open/csaf-parser â What is the current state here? It seems to be only a CVRF parser, as it does not have references to JSON in its code -> Add prominent statement in README of repository to make this clear? â External web site: https://github.com/TIBCOSoftware/vulnrep â CVRF/CSAF importer/exporter by Eric Google Docs: â Draft spec: https://docs.google.com/document/d/1Dk7kslzyX6UDueFXWE4Cz6Erp3oSWuqQ5kHaV_JuApM â TODO: https://docs.google.com/document/d/1jB-XH6GX79zfOWtV-QasbNjsD9V91Qjjl1PkX10kCZ0 Please tell me if I missed some places. I propose to talk about my suggestions in the meeting tomorrow! Best regards, Tobi [1] Detailed analysis of the main Github repo: â /artifact_linkage  Proposal from Stefan Hagen in 2016 to streamline committee work -> Is this still current? Do we need to keep it? â /cvrf_1.2  Old CVRF spec â /issue_processing  Another proposal from Stefan Hagen in 2016 to streamline committee work -> Is this still current? Do we need to keep it? â /meeting_minutes  Minutes from TC meetings (latest from 10 months ago) â /sandbox  ./CVRF_repositories.md â Contains list of CVRF repositories -> should be moved to /cvrf_1.2  ./csaf_2.0/ -> Contains major work for CSAF 2.0. We should move this directory to the root of the repository â ./Cvrf_1_2_errata.md  Erratas for CVRF 1.2 -> should be moved to /cvrf_1.2 â ./cvrf_1_2_doc_elements.png  Some graph from the CVRF spec -> delete? â ./json_schema/  ./csaf_json_schema.json â Draft JSON schema for CSAF 2.0  ./CVE-2018-0171-modified.json, ./cvrf-rhba-2018-0489-modified.json â Examples for CSAF 2.0 -> Move examples to 'examples' directory inside /csaf_2.0, rename them in a consistent way?  ./NOTES.md â Open issues in the draft â Duplicate of https://docs.google.com/document/d/1jB-XH6GX79zfOWtV-QasbNjsD9V91Qjjl1PkX10kCZ0 ? -> Do we want to merge both documents?
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]