From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 5E513158020 for ; Thu, 10 Nov 2022 06:54:11 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 5EB76E0942; Thu, 10 Nov 2022 06:54:07 +0000 (UTC) Received: from mx10.schiffbauer.net (mx10.schiffbauer.net [IPv6:2a01:4f8:222:30c7::2]) (using TLSv1.2 with cipher ECDHE-RSA-CHACHA20-POLY1305 (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id E75BBE091D for ; Thu, 10 Nov 2022 06:54:06 +0000 (UTC) Received: from [206.83.114.33] (port=52384 helo=bart) by mx10.schiffbauer.net with esmtpsa (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.89) (envelope-from ) id 1ot1Rt-0007Cc-2f for gentoo-dev@lists.gentoo.org; Thu, 10 Nov 2022 07:54:05 +0100 Date: Thu, 10 Nov 2022 16:46:52 +1000 From: Marc Schiffbauer To: gentoo-dev@lists.gentoo.org Subject: Re: [gentoo-dev] [RFC] A new GLSA schema Message-ID: <20221110064652.cnysxtkbmrf3xrxw@schiffbauer.net> Mail-Followup-To: gentoo-dev@lists.gentoo.org References: <2D2DD2C1-019D-4305-A3C1-AAC867D28F50@gentoo.org> <20221110041009.ntkmlsrfi6au4r2o@schiffbauer.net> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="a6hlmiyyrnicd7wb" Content-Disposition: inline In-Reply-To: X-Virus-Scanned: by ClamAV (http://www.clamav.org) X-Archives-Salt: fe00d608-787d-4eec-8a87-ded843a3b245 X-Archives-Hash: cc445f2e44151981ddc3c286560f26be --a6hlmiyyrnicd7wb Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable * John Helmert III schrieb am 10.11.22 um 14:19 Uhr: > On Thu, Nov 10, 2022 at 02:10:09PM +1000, Marc Schiffbauer wrote: > > * Sam James schrieb am 10.11.22 um 13:58 Uhr: > > >=20 > > > I think we'd rename impact -> description but description would now > > > be "description of the problem" and not "description of the package". > >=20 > >=20 > > +1, but additionally having the short description of the package sounds= =20 > > still useful to me, as not always everybody knows what any package is= =20 > > exactly for and the description will help a lot in telling the=20 > > impact/danger of your own infra that might be caused by that package. > >=20 > > -Marc >=20 > Are you saying you rely on the background field, which is generally > just the package's DESCRIPTION? Maybe glsa-check should just spit out > the package's DESCRIPTION then too. Sometimes the GLSA-Mails will be send to some team mailbox for example,=20 and a teammember has to decide how urgent an update may be. Having a=20 little description for the software mentioned in the GLSA is helpful=20 then. --a6hlmiyyrnicd7wb Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEMQyApFXSKKmBt8XxODfGO0Yy7b8FAmNsnlwACgkQODfGO0Yy 7b+qMw//TvJhQLG2K7zHd4ecVrqFhzFskZvezjfU9Y9W6mjh2fIlDps+Mx/8TnkE FFGvIg6OiRbG9I9z2Z+mxuZmkJwL8ks5JqzGzFA8p1VkZii5EUJF3ZEJ38OxgGPh jfbYFCRM+WzcgMm98iXuJBQ2u9KX+XkT//dho0jxvgP1JaAi2hOxNLJj8UQh8WSC u75g2Ko/yyzz3Wh5Z6MOz+uHvE82o+h77cl36q6I7TYRCWD/HcmV4imH+JNKW0W/ HU+3foMMx336UuFfzcv3YrQxDlvhBjhGZHxvRTj6Aiqb5bOzW9k8z5hXxsPXnJ6N AWEXaqp00grr3UphuCayYIchEg3uj7r9YUlwNDZ/yKNvO5J4k7BHJ5cTHpB9H3vd 17UxguYXb1lia9hD6ZN478E845TMP79oKhZkxEKSuDLBGba0P1dBC/D1AFg41jiX uZCiL9OwTeYTSPZ1vQuv1DBJAf9A3u4O5Ydgqr3ZhX1kd/FYWb7Yq120rKI7R01/ phx5GqrgS8GvqWDlPGN85Msn1XqkX9E2Cs2E8RqFAWWqWZyRppIyd+LfSP9M6vgx ALbEjDUIYkgK1HiOc7SOqb9+sR1AWG2SIDD984bD6TVOybpR4147ZIA382M6WkLy SWmlG0AalthEbwYdCe1D3W+T1sErlrjbR3oFrtxjeqq3ZXXkuOI= =3JM7 -----END PGP SIGNATURE----- --a6hlmiyyrnicd7wb--