1 |
On Fri, Nov 11, 2022 at 4:43 PM Sam James <sam@g.o> wrote: |
2 |
|
3 |
> |
4 |
> Oh I see, I'd missed the actual link to CSAF, sorry. |
5 |
> |
6 |
> I'll take a look. It's not clear to me yet if this is going to be a good |
7 |
> fit for distributions though, as we're not a normal "vendor". |
8 |
> |
9 |
> Are you aware of any other Linux distros using this? |
10 |
> |
11 |
|
12 |
Red Hat has it in "beta": https://access.redhat.com/security/data, and has |
13 |
had the prior OASIS format (CVRF) for a time, which they (Red Hat) will be |
14 |
deprecating in 2023-01. There is also VEX, which is (I think, didn't read |
15 |
the detailed spec) a subset of CSAF. |