| 1 |
> On 12 Nov 2022, at 00:04, Gordon Pettey <petteyg359@×××××.com> wrote: |
| 2 |
> |
| 3 |
> On Fri, Nov 11, 2022 at 4:43 PM Sam James <sam@g.o> wrote: |
| 4 |
> |
| 5 |
> Oh I see, I'd missed the actual link to CSAF, sorry. |
| 6 |
> |
| 7 |
> I'll take a look. It's not clear to me yet if this is going to be a good |
| 8 |
> fit for distributions though, as we're not a normal "vendor". |
| 9 |
> |
| 10 |
> Are you aware of any other Linux distros using this? |
| 11 |
> |
| 12 |
> Red Hat has it in "beta": https://access.redhat.com/security/data, and has had the prior OASIS format (CVRF) for a time, which they (Red Hat) will be deprecating in 2023-01. There is also VEX, which is (I think, didn't read the detailed spec) a subset of CSAF. |
| 13 |
|
| 14 |
Thanks, that's rather helpful. We'll look into this. |
Archives