From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 97CCC158020 for ; Fri, 11 Nov 2022 22:43:25 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 629AAE09EC; Fri, 11 Nov 2022 22:43:22 +0000 (UTC) Received: from smtp.gentoo.org (woodpecker.gentoo.org [140.211.166.183]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 0198CE08A2 for ; Fri, 11 Nov 2022 22:43:21 +0000 (UTC) From: Sam James Content-Type: multipart/signed; boundary="Apple-Mail=_4B6B6290-7AB6-4284-A573-24F621708A9B"; protocol="application/pgp-signature"; micalg=pgp-sha512 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.200.110.1.12\)) Subject: Re: [gentoo-dev] [RFC] A new GLSA schema Date: Fri, 11 Nov 2022 22:43:03 +0000 References: <626eaf6c-f41e-3dfd-2750-39c4522175c1@gentoo.org> <62C57F52-AAF6-4105-9276-EA5CAAEABB7E@gentoo.org> To: gentoo-dev@lists.gentoo.org In-Reply-To: <62C57F52-AAF6-4105-9276-EA5CAAEABB7E@gentoo.org> Message-Id: <018B23C1-7F65-4D99-A2E0-03B5280918FC@gentoo.org> X-Mailer: Apple Mail (2.3731.200.110.1.12) X-Archives-Salt: 534b848d-fd1d-4f2b-9128-5dc898907b2e X-Archives-Hash: a80f4e2f763b7e48a69ef5ec46d34525 --Apple-Mail=_4B6B6290-7AB6-4284-A573-24F621708A9B Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii > On 11 Nov 2022, at 22:40, Sam James wrote: >=20 >=20 >=20 >> On 11 Nov 2022, at 22:06, Gordon Pettey wrote: >>=20 >> On Thu, Nov 10, 2022 at 6:27 PM John Helmert III = wrote: >> On Thu, Nov 10, 2022 at 09:49:27PM +0100, Jonas Stein wrote: >>> On 10/11/2022 03:27, John Helmert III wrote: >>>> The first GLSA in glsa.git is GLSA-200310-03, the third GLSA of >>>> October 2003. It used roughly the same format of the GLSAs we = release >>>> today, in 2022, making that format almost as old as me. >>>=20 >>> IFF we change the format, we should not invent a new standard [1] = but >>> use existing one like CSAF [2] >>>=20 >>> [1] https://imgs.xkcd.com/comics/standards.png >>> [2] https://oasis-open.github.io/csaf-documentation/ >>=20 >> We're not inventing a new "standard", we're upgrading the format we = use >> to distribute GLSAs. >>=20 >> Standard, format, semantics. You are producing a new schema in a = field where at least one usable (and already-improved?) schema exists. = NIH? >=20 > Can you point to a format which would support using our ebuild = operators > & syntax rather than making a (very) vague suggestion? >=20 > See also ajak's point about being the one to implement it, in lieu > of volunteers. Oh I see, I'd missed the actual link to CSAF, sorry. I'll take a look. It's not clear to me yet if this is going to be a good fit for distributions though, as we're not a normal "vendor". Are you aware of any other Linux distros using this? --Apple-Mail=_4B6B6290-7AB6-4284-A573-24F621708A9B Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP -----BEGIN PGP SIGNATURE----- iNUEARYKAH0WIQQlpruI3Zt2TGtVQcJzhAn1IN+RkAUCY27P918UgAAAAAAuAChp c3N1ZXItZnByQG5vdGF0aW9ucy5vcGVucGdwLmZpZnRoaG9yc2VtYW4ubmV0MjVB NkJCODhERDlCNzY0QzZCNTU0MUMyNzM4NDA5RjUyMERGOTE5MAAKCRBzhAn1IN+R kCTJAP9EFzYCgtPgR5FkD8qK35gW7E7/pnHpq81hVinaq6gImwD+NluKjvm2fK9t 5f8vowovREqeMIuiKPfmJ7UN9Ksp0QA= =uNck -----END PGP SIGNATURE----- --Apple-Mail=_4B6B6290-7AB6-4284-A573-24F621708A9B--