-
# Old Men Talking
> In the predecessor of CSAF 2.0 (CVRF 1.2) "we" allowed the naive UTC hack to include date times without timezone or offset indicator to implicitly inhabit Zulu land.
> Unfortunat…
-
During implementation of https://github.com/csaf-poc/csaf_distribution/, especially the checker, aggregator and downloader part, our team at Intevation found that CSAF standard and tool implementors c…
-
CSAF Advisories may be assigned to a person.
-
Currently, we don't list CSAF providers with empty feeds in our `csaf_aggregator`. However, that might be helpful to advertise their existence. We need to consider whether that should be implemented f…
-
In the aggregator schema, we use the pattern
https://github.com/oasis-tcs/csaf/blob/5757eeb192f30dbf1752d15365e335c3408ce4df/csaf_2.0/json_schema/aggregator_json_schema.json#L13
I was informed …
-
This may go hand-in-hand with #200. The request is to add a link to the machine-readable and human-readable advisories of a company. For example:
```
# Our Security Advisories
Advisories: https://…
```
-
Currently (`v2.2.1-95-ga65fead`) the following output is produced when requesting a CSAF provider with only one empty feed:
```
Requirement 15: ROLIE feed (failed)
- WARN: No entries in https:/…
```
-
It seems that some providers, e.g. RedHat, do some rate limiting and also limit concurrent connections.
-
**What happened**:
Scan on image that has python3-Jinja2-2.10.1-3.10.2.noarch installed.
It generates vulnerabilities:
NAME INSTALLED FIXED-IN TYPE VULNERABI…