From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path: <gentoo-dev+bounces-98485-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (2048 bits))
(No client certificate requested)
by finch.gentoo.org (Postfix) with ESMTPS id 83397158020
for <garchives@archives.gentoo.org>; Sat, 12 Nov 2022 00:05:13 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
by pigeon.gentoo.org (Postfix) with SMTP id E3D00E0A83;
Sat, 12 Nov 2022 00:05:10 +0000 (UTC)
Received: from mail-pl1-x629.google.com (mail-pl1-x629.google.com [IPv6:2607:f8b0:4864:20::629])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
(No client certificate requested)
by pigeon.gentoo.org (Postfix) with ESMTPS id AA42BE09E2
for <gentoo-dev@lists.gentoo.org>; Sat, 12 Nov 2022 00:05:10 +0000 (UTC)
Received: by mail-pl1-x629.google.com with SMTP id j12so5446007plj.5
for <gentoo-dev@lists.gentoo.org>; Fri, 11 Nov 2022 16:05:10 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20210112;
h=to:subject:message-id:date:from:in-reply-to:references:mime-version
:from:to:cc:subject:date:message-id:reply-to;
bh=UpwUCXVy9/kzLDeBl6xMwUvzEHs9ykD9/FSSMz/l8MM=;
b=bs3wYTw5x1ABtF1Wyhxx+jluNIzNEUew2gd6HphkR1NO3MvrISj+GlEISFw88V+FCw
JXxZDW/zNMwu7oACBjRoQtfi4CtQT6paxRdhL71fHdr69xUiJYg0QSsm4jO9BjjbiDO5
/n1VYAFCUitK70U0KZEbrBtE3iqMksIuM/oY7bWqatDsIza04GkFI3S8WpIPAYlsd1g4
k3FZuGwAKUttEcYo7lit7q6JjjQWaAwbEq3Pu+N5fhLCayhcHSW2ORyUr0Bw3O2QnLRx
w88JcSD5HBlDxD+OIl1A3bOvc0pMrAqY+cyRcUlfolDxQRjdeRzdTYgGulCWWFvEYppr
C81w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=to:subject:message-id:date:from:in-reply-to:references:mime-version
:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
bh=UpwUCXVy9/kzLDeBl6xMwUvzEHs9ykD9/FSSMz/l8MM=;
b=dCHraEWTndeIVOJ1GNxcGQnzBXX7Hu1yvJ23qfUJa3Bt2265phKRUw2RNfJWdz3TGG
STzjRUnS8m0u9WvJ0X31xbxBwc+Qz12LQSz3sSCSVudzBIIf9TQ46GXjdA3e1NDyIcga
XvZIsKG0TqywfbPuotq/BiYQD/iB5+2lhUNBoN4i/EtRvuPAmxaeDn3LTn6hSeQx5NdD
hM5AU01mT9/CXTfMkOhYxS6NtkpQLlzWH6dXeMab+wR7h57/C/+UYCOOtzYmR/fLyPqO
1v2jEMAChMHSGK5rsQE+XUJ51yw7R5U2AM7S0dt4QOo59AwhV0XFUFqoHyS7MaWETP2i
x4+g==
X-Gm-Message-State: ANoB5plQTFIm3Jlms6WeQSdAoxmQ6TUx+oo+4pRvQogVeHy8p3q5/0V7
YhdljCBR0gEudtmhfFq6jCPq2xU1e+ADeMMCf9ynDHqvCGU=
X-Google-Smtp-Source: AA0mqf6Q2GFOAz7veSrujFQMNyyqctWuLbPVbJi41/kJucrLmT/oTBVkzvezPhP8QEasw5HKCzsl1dhyvxFSg+ZCC3Q=
X-Received: by 2002:a17:90a:5a0a:b0:213:18ad:f71f with SMTP id
b10-20020a17090a5a0a00b0021318adf71fmr4136913pjd.178.1668211509408; Fri, 11
Nov 2022 16:05:09 -0800 (PST)
Precedence: bulk
List-Post: <mailto:gentoo-dev@lists.gentoo.org>
List-Help: <mailto:gentoo-dev+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-dev+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-dev+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-dev.gentoo.org>
X-BeenThere: gentoo-dev@lists.gentoo.org
Reply-to: gentoo-dev@lists.gentoo.org
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
MIME-Version: 1.0
References: <Y2xhlbizeJmhJ/AC@gentoo.org> <626eaf6c-f41e-3dfd-2750-39c4522175c1@gentoo.org>
<Y22W8kqJskaMxDpS@gentoo.org> <CAHY5Mef4mnJpTpYCsd5E=D5Ex-27vNxVWZwJMDu9Kc1iADPqhw@mail.gmail.com>
<62C57F52-AAF6-4105-9276-EA5CAAEABB7E@gentoo.org> <018B23C1-7F65-4D99-A2E0-03B5280918FC@gentoo.org>
In-Reply-To: <018B23C1-7F65-4D99-A2E0-03B5280918FC@gentoo.org>
From: Gordon Pettey <petteyg359@gmail.com>
Date: Fri, 11 Nov 2022 18:04:31 -0600
Message-ID: <CAHY5MecH5hp_1uBgRQLGZK30tMciA-nP6vubxwnZ3kkCRqz6AQ@mail.gmail.com>
Subject: Re: [gentoo-dev] [RFC] A new GLSA schema
To: gentoo-dev@lists.gentoo.org
Content-Type: multipart/alternative; boundary="0000000000006dbda305ed3ac263"
X-Archives-Salt: bacf7faf-168a-4804-bf6d-ab81b50da115
X-Archives-Hash: 47996f61146e3374185797683c224231
--0000000000006dbda305ed3ac263
Content-Type: text/plain; charset="UTF-8"
On Fri, Nov 11, 2022 at 4:43 PM Sam James <sam@gentoo.org> wrote:
>
> Oh I see, I'd missed the actual link to CSAF, sorry.
>
> I'll take a look. It's not clear to me yet if this is going to be a good
> fit for distributions though, as we're not a normal "vendor".
>
> Are you aware of any other Linux distros using this?
>
Red Hat has it in "beta": https://access.redhat.com/security/data, and has
had the prior OASIS format (CVRF) for a time, which they (Red Hat) will be
deprecating in 2023-01. There is also VEX, which is (I think, didn't read
the detailed spec) a subset of CSAF.
--0000000000006dbda305ed3ac263
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr"><div class=3D"gmail_quote"><div dir=3D"ltr" class=3D"gmail=
_attr">On Fri, Nov 11, 2022 at 4:43 PM Sam James <<a href=3D"mailto:sam@=
gentoo.org">sam@gentoo.org</a>> wrote:<br></div><blockquote class=3D"gma=
il_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,2=
04,204);padding-left:1ex"><div><br>Oh I see, I'd missed the actual link=
to CSAF, sorry.<br>
<br>
I'll take a look. It's not clear to me yet if this is going to be a=
good<br>
fit for distributions though, as we're not a normal "vendor".=
<br>
<br>
Are you aware of any other Linux distros using this?<br></div></blockquote>=
<div><br></div><div>Red Hat has it in "beta": <a href=3D"https://=
access.redhat.com/security/data">https://access.redhat.com/security/data</a=
>, and has had the prior OASIS format (CVRF) for a time, which they (Red Ha=
t) will be deprecating in 2023-01. There is also VEX, which is (I think, di=
dn't read the detailed spec) a subset of CSAF.<br></div></div></div>
--0000000000006dbda305ed3ac263--