From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-dev+bounces-98487-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits))
	(No client certificate requested)
	by finch.gentoo.org (Postfix) with ESMTPS id 14D08158020
	for <garchives@archives.gentoo.org>; Sat, 12 Nov 2022 05:09:56 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 0E86CE0A03;
	Sat, 12 Nov 2022 05:09:52 +0000 (UTC)
Received: from smtp.gentoo.org (dev.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id C62B6E09D8
	for <gentoo-dev@lists.gentoo.org>; Sat, 12 Nov 2022 05:09:51 +0000 (UTC)
Message-ID: <68c8ce8bf2bf90b239b63bb65935c2c3e91c7554.camel@gentoo.org>
Subject: Re: [gentoo-dev] [RFC] A new GLSA schema
From: =?UTF-8?Q?Micha=C5=82_G=C3=B3rny?= <mgorny@gentoo.org>
To: gentoo-dev@lists.gentoo.org
Date: Sat, 12 Nov 2022 06:09:47 +0100
In-Reply-To: <CAHY5Mef4mnJpTpYCsd5E=D5Ex-27vNxVWZwJMDu9Kc1iADPqhw@mail.gmail.com>
References: <Y2xhlbizeJmhJ/AC@gentoo.org>
	 <626eaf6c-f41e-3dfd-2750-39c4522175c1@gentoo.org>
	 <Y22W8kqJskaMxDpS@gentoo.org>
	 <CAHY5Mef4mnJpTpYCsd5E=D5Ex-27vNxVWZwJMDu9Kc1iADPqhw@mail.gmail.com>
Organization: Gentoo
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
User-Agent: Evolution 3.44.4 
Precedence: bulk
List-Post: <mailto:gentoo-dev@lists.gentoo.org>
List-Help: <mailto:gentoo-dev+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-dev+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-dev+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-dev.gentoo.org>
X-BeenThere: gentoo-dev@lists.gentoo.org
Reply-to: gentoo-dev@lists.gentoo.org
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
MIME-Version: 1.0
X-Archives-Salt: bcb8befa-0acc-45f6-8dc0-897af9c0c339
X-Archives-Hash: e5ef382d8e347652aed7fc505018240f

On Fri, 2022-11-11 at 16:06 -0600, Gordon Pettey wrote:
> On Thu, Nov 10, 2022 at 6:27 PM John Helmert III <ajak@gentoo.org> wrote:
>=20
> > On Thu, Nov 10, 2022 at 09:49:27PM +0100, Jonas Stein wrote:
> > > On 10/11/2022 03:27, John Helmert III wrote:
> > > > The first GLSA in glsa.git is GLSA-200310-03, the third GLSA of
> > > > October 2003. It used roughly the same format of the GLSAs we relea=
se
> > > > today, in 2022, making that format almost as old as me.
> > >=20
> > > IFF we change the format, we should not invent a new standard [1] but
> > > use existing one like CSAF [2]
> > >=20
> > > [1] https://imgs.xkcd.com/comics/standards.png
> > > [2] https://oasis-open.github.io/csaf-documentation/
> >=20
> > We're not inventing a new "standard", we're upgrading the format we use
> > to distribute GLSAs.
> >=20
>=20
> Standard, format, semantics. You are producing a new schema in a field
> where at least one usable (and already-improved?) schema exists. NIH?

GLSA: 2003
CSAF: 2016

Sure sounds like OASIS did a NIH there.

--=20
Best regards,
Micha=C5=82 G=C3=B3rny