OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

sarif message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: #390: URIs are not redactable

I created and pushed a revised change draft for Issue #390, “Make certain invocation and versionControlDetails properties redactable”, based on feedback that allowing URIs to be redactable is a burden on SARIF consumers:

 

https://github.com/oasis-tcs/sarif-spec/blob/master/Documents/ChangeDrafts/Accepted/sarif-v2.0-issue-390-more-redactable-properties-revised.docx

 

As part of this revision, we now allow the uri property of a top-level entry in originalUriBaseIds (which is required to be an absolute URI, and hence subject to security and determinism concerns) to be omitted. We also incorporate feedback from Jim Kupsch that “nested artifact” URIs can’t be required to start with  "/", and we incorporate his explanation of that point.

 

Please take a look. We still plan to open the CSD 2 ballot on Monday.

 

Thanks,

Larry

 

 

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]