| 1 |
On Fri, Nov 11, 2022 at 4:43 PM Sam James <sam@g.o> wrote: |
| 2 |
|
| 3 |
> |
| 4 |
> Oh I see, I'd missed the actual link to CSAF, sorry. |
| 5 |
> |
| 6 |
> I'll take a look. It's not clear to me yet if this is going to be a good |
| 7 |
> fit for distributions though, as we're not a normal "vendor". |
| 8 |
> |
| 9 |
> Are you aware of any other Linux distros using this? |
| 10 |
> |
| 11 |
|
| 12 |
Red Hat has it in "beta": https://access.redhat.com/security/data, and has |
| 13 |
had the prior OASIS format (CVRF) for a time, which they (Red Hat) will be |
| 14 |
deprecating in 2023-01. There is also VEX, which is (I think, didn't read |
| 15 |
the detailed spec) a subset of CSAF. |
Archives