From: | Jonas Stein <jstein@g.o> | ||
---|---|---|---|
To: | Sam James <sam@g.o> | ||
Cc: | gentoo-dev <gentoo-dev@l.g.o> | ||
Subject: | Re: [gentoo-dev] [RFC] A new GLSA schema | ||
Date: | Sat, 12 Nov 2022 13:15:23 | ||
Message-Id: | a7976c9f-eda8-5e87-2f81-152d3f112d1f@gentoo.org | ||
In Reply to: | Re: [gentoo-dev] [RFC] A new GLSA schema by Sam James |
1 | >> CSAF is exactly what we want with GLSA. |
2 | >> There are already many tools to parse and pretty print the CSAF documents. |
3 | > Thanks, I'll look into it more. Can you offer to help implement it in Portage? |
4 | |
5 | Not this year, but I can try to help. |
6 | There are many ready to use tools around csaf already. |
7 | |
8 | You can also combine it with https://securitytxt.org/ |
9 | |
10 | Here is an example: |
11 | https://www.bsi.bund.de/.well-known/security.txt |
12 | |
13 | The line |
14 | CSAF: https://cert-bund.de/.well-known/csaf/provider-metadata.json |
15 | tells where to find the csaf data. |
16 | |
17 | -- |
18 | Best, |
19 | Jonas |