-
### how to reproduce
* Use or build up an integration test setup
* Verify that the provider-metadata.json was written, it current and has the pubkey.
* Create (or find) a new OpenPGP keypair, e.…
-
CSAF Aggregators must at least do two mirrors, but can also have entries that are just listed, see
https://github.com/oasis-tcs/csaf/issues/470
### technical consideration
A config option per pro…
-
Implement serving of
* [x] 7.1.16 Requirement 16: ROLIE service document
* [x] 7.1.17 Requirement 17: ROLIE category document
Both should have the options to either not write the document or co…
-
If finding data fails because of the TLS certificate of the HTTPS server cannot be validated, there is no hint in the output.
User will want to know what the reason for the failure ist.
Expectat…
-
A freshly run provider and aggregator write inconsistent datetime parameters (~v0.9.1), see examples
`https://localhost:9443/.well-known/csaf-aggregator/aggregator.json`
```json
"metadata…
-
The file `changes.csv` is not correctly constructed: Current output is:
```
2022-07-14T08:20:40Z,YYYY/filename.json
```
However, the [spec](https://docs.oasis-open.org/csaf/csaf/v2.0/cs02/csaf-v2.…
-
Some functions implemented in the `csaf_aggregator` are useful when implementing a downloader.
The should be provided that they can be used easily.
-
Some CSAF providers may block an IP address if there are too many documents downloaded in a certain time frame.
To stay below this threshold, a config option in the checker and per provider in the …
-
The link to the ROLIE in the mirrored `provider-metadata.json` is incorrect. A current test revealed that the link in the `https://aggregator.example.com/.well-known/csaf-aggregator/Example_Company_01…
-
# Situation
Currently section [7.2.5](https://docs.oasis-open.org/csaf/csaf/v2.0/csd02/csaf-v2.0-csd02.html#725-role-csaf-aggregator) reads:
> A distributing party satisfies the "CSAF aggregator" …