-
E.g. [android-chrome-192x192.png](https://github.com/csaf-poc/csaf_webview/blob/main/static/android-chrome-192x192.png) does not have a proper license. [android-chrome-192x192.png.license](https://git…
-
During implementation of https://github.com/csaf-poc/csaf_distribution/, especially the checker, aggregator and downloader part, our team at Intevation found that CSAF standard and tool implementors c…
-
Currently (`v2.2.1-95-ga65fead`) the following output is produced when requesting a CSAF provider with only one empty feed:
```
Requirement 15: ROLIE feed (failed)
- WARN: No entries in https:/…
-
There are several ways to structure data transmission. CSAF currently suggests the providers to [use some traditional methods of distribution the directory listing of JSON files and ROLIE](https://doc…
-
Currently, it is hard to debug the `csaf_provider` as it needs to be called (or at least it needs to think that it is called) through nginx. To aid in the development, we need to document, how debuggi…
-
Currently there is no user accessible way to tell which version is served as a Github page.
That should be possible.
-
Is there a list of all changes that were made in the schemas between 1.2 and 2.0? Since the schema type changed from XSD to JSON, it's a bit difficult to review the 2.0 one to see what actually change…
-
The instrumentation is there -> https://oasis-open.github.io/csaf-documentation/tools.html which comes with a downloader: https://github.com/csaf-poc/csaf_distribution/blob/main/docs/csaf_downloader.m…
-
I would like to propose adding a signature / pubkey field to the csaf_2.0/json_schema to provide non-repudiation and some level of integrity verification of the claim.
This way it will allow assur…
-
Currently, we request also SHA256 even if a SHA512 was present in the ROLIE feed. We need to find a way to improve that.