Add new party `multiplier`

oasis-tcs / csaf

OASIS CSAF TC: Supporting version control for Work Product artifacts developed by members of TC, including prose specifications and secondary artifacts like meeting minutes and productivity code

https://github.com/oasis-tcs/csaf

Other

152 stars 40 forks source link

Add new party `multiplier` #580

Open tschmidtb51 opened 2 years ago

tschmidtb51 commented 2 years ago

There is a use case where an ISAC / National CERT / ... could act as multiplier: Taking the original CSAF document (adding information relevant to the context) and republishing the information. Currently, those parties use the other status. We should create a separate value multiplier (or republisher) for them.

jaccoNCSCNL commented 1 year ago

As a national CERT we are indeed interested in this feature.

tschmidtb51 commented 9 months ago

The TC needs to decide if that is in scope for CSAF 2.1.

tschmidtb51 commented 8 months ago

Thomas Schmidt proposed a motion, as detailed in this OASIS mailing list archive, to add a party multiplier to CSAF v2.1. Omar Santos seconded the motion.

mprpic commented 8 months ago

I personally would prefer the wording republisher since "multiplier" implies the artifact is replicated into multiple (different) copies and re-distributed. Otherwise, lgtm!

tschmidtb51 commented 8 months ago

@mprpic: is that a comment or an objection (regarding motion https://groups.oasis-open.org/discussion/motion-580)?

tschmidtb51 commented 8 months ago

I personally would prefer the wording republisher since "multiplier" implies the artifact is replicated into multiple (different) copies and re-distributed. Otherwise, lgtm!

Personally, I prefer multiplier as it is closer to the multiplicator and describes IMHO clearly that the goal is to bring it to more people/groups / provide it to a wider (or also other) community. (Please, remember - I'm not a native speaker - so I trust those who are.)

And yes, that might involve multiple copies that might differ in the information (e.g. the E-ISAC might add different information than the Water-ISAC).

mprpic commented 8 months ago

@tschmidtb51 It's just a comment, I'm fine with either. I was just voicing my preference but if everyone else is good with multiplier then so be it :-)

santosomar commented 7 months ago

The motion to add a new party "multiplier" as suggested in https://github.com/oasis-tcs/csaf/issues/580 to CSAF 2.1 has passed. No objection was received and the motion automatically passed on 2024-04-03 20:00 UTC.

The motion and results are available at: https://groups.oasis-open.org/discussion/motion-580