Closed iamamoose closed 2 years ago
add it if the name isn't in the first 80 characters or so
80 is too many, I suggest 20 to 40 for this test, or better yet require the project name right after the CVE ID or insert it unconditionally. Even if the project name is e.g. in the first 20, it could be not right after the CVE ID, which would make the Subject line look inconsistent with nearby reports of other issues in the same project.
This has been implemented in the version for JSON v5 live at the end of October
| if (!(j.containers.cna.title.substring(0,40).includes("Apache"))) {
| subject = subject + getProductListNoVendor(j) + ": "
Solar Designer noted that if the project puts their name at the end "we get lengthy Subject lines with the project name in varying places and often beyond the portion that a MUA displays by default. For example, ... https://www.openwall.com/lists/oss-security/2022/01/18/
Perhaps our test for adding the name could add it if the name isn't in the first 80 characters or so (i.e. there may be a case where the name will be in the subject twice, but that's ok).