OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

csaf message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: [CSAF] TC meeting on 2021-05-26 & Editor revision 2021-05-21

Dear colleagues,

in preparation of our meeting on May 26, 2021 please review (and comment on if you like) any open ticket (or where available the associated PR) with the label: "tc-discussion-needed" Currently these are:
- #262: Consider broaden the definition of impact (https://github.com/oasis-tcs/csaf/issues/262) => PR available (https://github.com/oasis-tcs/csaf/pull/263)
- #260: Consider VEX definition alignment for product_status (https://github.com/oasis-tcs/csaf/issues/260) => PR available (https://github.com/oasis-tcs/csaf/pull/266)
- #248: Extend definition of product to encompass open source projects. (https://github.com/oasis-tcs/csaf/issues/248) => Suggestions available
- #247: Use of the term vendor does not encompass open source projects effectively (https://github.com/oasis-tcs/csaf/issues/247)  => Suggestions available
- #220 & #221: Clarify the involvements section (https://github.com/oasis-tcs/csaf/issues/220, https://github.com/oasis-tcs/csaf/issues/221)=> PR available (https://github.com/oasis-tcs/csaf/pull/255)
- #204: Consider a set of proven values for maxima of string and array lengths (https://github.com/oasis-tcs/csaf/issues/204) => PR available (https://github.com/oasis-tcs/csaf/pull/256)
- #193: As a consumer I want every CSAF document to be a security advisory. (https://github.com/oasis-tcs/csaf/issues/193) => Suggestion of profiles for CSAF: see comment of tschmidtb51 from Mar 15, 2021

Please also have a look at the open pull requests if possible.

A new editor revision has been published: https://github.com/oasis-tcs/csaf/blob/editor-revision-2021-05-21/csaf_2.0/prose/csaf-v2-editor-draft.md

It covers the folowing areas:
- add tests (as discussed during last TC meeting)
- polish/finish semantic versioning (as discussed during last TC meeting)
- add new conformance targets validators
- add basic rules for distributing CSAF document (as agreed on TC meeting Jan 27th, 2021)
- clarify that /document/tracking/id must be unique for the issuing organization
- editorial nits and changes

Best regards,
Thomas

Attachment: smime.p7s
Description: S/MIME cryptographic signature

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]