-
For your awareness:
As the tools are not a PoC (even since the first release), the long overdue change was conducted: The repo https://github.com/csaf-poc/csaf_distribution moved to https://github.…
-
In the aggregator schema, we use the pattern
https://github.com/oasis-tcs/csaf/blob/5757eeb192f30dbf1752d15365e335c3408ce4df/csaf_2.0/json_schema/aggregator_json_schema.json#L13
I was informed …
-
Currently, we don't list CSAF provider with empty feeds in our `csaf_aggregator`. However, that might be helpful to advertise their existence. We need to consider, whether that should be implemented f…
-
# What happened?
I tried to test the `csaf_aggregator` by building and just running it without any parameter, in particular without a path to a config file. Then, of course, the aggregator was lookin…
-
2.0 Committee Specification Draft 02 has
> 7.1.23 Requirement 23: Mirror
```json
"aggregator": {
"category": "aggregator",
```
to be more consistent renaming the category to `mirro…
-
Currently, we don't list the `service.json` and ROLIE categories in the `provider-metadata.json`. We should add those to the `distribution` if present.
-
Currently ("version": "2.1.1-100-g540d02d"), the `csaf_checker` validates CSAF (trusted) providers even if the `distributions` array is missing in the PMD. However, in that case the the requirements 1…
-
Technically a CSAF Aggregator could mirror only a subset of the available CSAF documents for a provider. It maybe confusing the users or problematic when used.
There seem to be potentially legitima…
-
As discussed during the OASIS CSAF TC Monthly Meeting on 2023-07-26:
The CSAF 2.0 specification does not provide a predefined Media sub type or MIME type for CSAF documents. This means that consume…
-
During implementation of https://github.com/csaf-poc/csaf_distribution/, especially the checker, aggregator and downloader part, our team at Intevation found that CSAF standard and tool implementors c…