-
Using the current build instructions
```sh
cd csaf_distribution
go build -v ./cmd/...
```
there are sometimes no binaries build.
(Test done with `go version go1.17.6 linux/amd64` and c57de75…
-
# Situation / Comment
> 3.1.3.3 Full Product Name Type - Product Identification Helper
>
> We welcome the addition of new ways to identify products besides CPE. Two
issues we face in this regar…
-
We have some parts which can't be enforced be the schema itself but should be tested programmatically. Therefore, I suggest to add those tests to the standard to ease the pain. Here are some ideas:
…
-
From the requirements section:
> ### 5.1.3 Requirement 3: TLS
>
> The CSAF document is retrievable from a website which uses TLS for encryption and server authenticity. The CSAF document MUST not …
tolim updated
3 years ago
-
During the review of #274 it was suggested to tie the signature to the namespace. Now we have 4 options:
### 1. Allow only (any) URLs in the namespace
This reflects the current implementation of…
-
In GitLab by @zutshi on Oct 17, 2020, 13:43
We ran into this when one of the notebook was using a path to the toml files. Because the path is different for native and docker env, it will work in only…
-
[Chapter 4 of the current prose draft for CSAF 2.0](https://github.com/oasis-tcs/csaf/blob/5bc94f4ca1f0451b063d7d191a914b6e0ccca2ed/csaf_2.0/prose/csaf-v2-editor-draft.md#4-safety-security-and-data-pr…
-
In CVRF there was a informative comment:
> At the time of this writing, OID issuance by FIRST is still a work in progress, thus some samples are provided below, that use OIDs from other standard MIBs…
-
... let us make a real version 2.0! There are tools that can go from XML to JSON schema and back again (mostly) so hopefully we bring more to the table with the new major version than just offering J…
-
Please make it explicit in the prose and definition, the expectation that open source projects who create releases can consider themselves as products for purposes of this specification.