-
As the repo moved to [gocsaf/csaf](https://github.com/gocsaf/csaf) we need to complete that by finding all references in this repo and adapt them.
-
To facilitate more usage of CSAF, how would a go library have to be constructed to be able to help implementors to access the contents of the advisories?
### potential use cases
* https://github.c…
-
Currently ("version": "2.1.1-100-g540d02d"), the `csaf_checker` validates CSAF (trusted) providers even if the `distributions` array is missing in the PMD. However, in that case the the requirements 1…
-
We should clarify whether we expect signatures to be in ASCII or binary format or both should be accepted. Therefore, we need to figure out whether it make a difference for implementers.
-
We came across [a situation](https://github.com/csaf-poc/csaf_distribution/issues/376) where a ~Web Application Firewall~ CDN blocked the automatic retrieval of the PMD and CSAF files. Given the reaso…
-
Make sure that prerequisites for building a current version are documented
consistently. They seem to be scattered and partly within scripts and partly in text.
One way would be to follow the exam…
-
Using csaf_distribution-v2.1.0-gnulinux-amd64: when downloading from redhat.com
the signatures do not verify.
```bash
curl -L -O https://github.com/csaf-poc/csaf_distribution/releases/download/v2…
-
# What happened?
I tried to test the `csaf_aggregator` by building and just running it without any parameter, in particular without a path to a config file. Then, of course, the aggregator was lookin…
-
As discussed during the OASIS CSAF TC Monthly Meeting on 2023-07-26:
The CSAF 2.0 specification does not provide a predefined Media sub type or MIME type for CSAF documents. This means that consume…
-
## Description
OVALv2 is in maintenance mode now.
https://www.redhat.com/en/blog/red-hat-vex-files-cves-are-now-generally-available