1 |
> On 12 Nov 2022, at 00:04, Gordon Pettey <petteyg359@×××××.com> wrote: |
2 |
> |
3 |
> On Fri, Nov 11, 2022 at 4:43 PM Sam James <sam@g.o> wrote: |
4 |
> |
5 |
> Oh I see, I'd missed the actual link to CSAF, sorry. |
6 |
> |
7 |
> I'll take a look. It's not clear to me yet if this is going to be a good |
8 |
> fit for distributions though, as we're not a normal "vendor". |
9 |
> |
10 |
> Are you aware of any other Linux distros using this? |
11 |
> |
12 |
> Red Hat has it in "beta": https://access.redhat.com/security/data, and has had the prior OASIS format (CVRF) for a time, which they (Red Hat) will be deprecating in 2023-01. There is also VEX, which is (I think, didn't read the detailed spec) a subset of CSAF. |
13 |
|
14 |
Thanks, that's rather helpful. We'll look into this. |