Archives
Archives
| From: | Jonas Stein <jstein@g.o> | ||
|---|---|---|---|
| To: | Sam James <sam@g.o> | ||
| Cc: | gentoo-dev <gentoo-dev@l.g.o> | ||
| Subject: | Re: [gentoo-dev] [RFC] A new GLSA schema | ||
| Date: | Sat, 12 Nov 2022 13:15:23 | ||
| Message-Id: | a7976c9f-eda8-5e87-2f81-152d3f112d1f@gentoo.org | ||
| In Reply to: | Re: [gentoo-dev] [RFC] A new GLSA schema by Sam James |
||
| 1 | >> CSAF is exactly what we want with GLSA. |
| 2 | >> There are already many tools to parse and pretty print the CSAF documents. |
| 3 | > Thanks, I'll look into it more. Can you offer to help implement it in Portage? |
| 4 | |
| 5 | Not this year, but I can try to help. |
| 6 | There are many ready to use tools around csaf already. |
| 7 | |
| 8 | You can also combine it with https://securitytxt.org/ |
| 9 | |
| 10 | Here is an example: |
| 11 | https://www.bsi.bund.de/.well-known/security.txt |
| 12 | |
| 13 | The line |
| 14 | CSAF: https://cert-bund.de/.well-known/csaf/provider-metadata.json |
| 15 | tells where to find the csaf data. |
| 16 | |
| 17 | -- |
| 18 | Best, |
| 19 | Jonas |