-
* Add STRICT-mode, which only saves CSAF-documents with no validation errors.
* Add UNSAFE-mode, which saves CSAF-documents with validation errors within a seperate folder
All validation error…
-
Allow for the following:
* Allow download of all files that have changed starting a given point in time
* Allow download of all files that have changed within a given relative time span, e.g. t…
-
-
Code and test shows that the downloader has a default limiting rate of 1 in main.
But `--help` does not say for the downloader and the checker and the documentaton for aggregator says unlimited, wh…
-
We should add an option in the `csaf_downloader` and `csaf_checker` to run a remote validator.
-
We could add an option to the `csaf_checker` and `csaf_downloader` to work with API keys transported as HTTP header.
-
The checker and downloader should warn if a document is required to be type application/json, but the webserver does not use this as a content type in the HTTP headers.
It would become a reject / e…
-
In branch https://github.com/csaf-poc/csaf_distribution/tree/remote_validator_client
there is an experimental testing tool to ask a service like https://github.com/secvisogram/csaf-validator-service …
-
-
Currently, an OpenPGP verification fails if two OpenPGP keys are listed in the provider-metadata.json and the file was signed with the first one listed.
Tested with `v0.9.6` `csaf_checker` and `csa…