lumjjb
commented
1 year ago I think adding a referencable object with the actual contents as optional may lead to failure to resolve some of these details at consumption time (unable to get object). Although I see the value of using the reference, i worry about the reliability to rely on it solely as a pattern for common use. As of the current state of maturity of cross-referencing objects across standards and the adoption of json LD by these standards, i would be more comfortable if it was not optional to include the vulnerability identifiers within the struct.
i.e. the example here wouldn't be possible without the additional resolved information from the original format.
This may just be a rewording and a recommendation instead of a change in the struct definition
SecurityCRob
puerco
wagoodman
OPEV # 0015: Expansion of the Vulnerability Field
ποΈ Enhancement Overview
During the development of the initial implementations, there have been issues raised about the need to expand the vulnerability field. While this OPEV only addresses the need to expand the vulnerability field 1) become an object and to 2) to express more names or aliases of a vulnerability, members of the community have pointed to other cases where the vulnerability entry needs to be expanded from an identifier string to a full struct.
π§βπ» Enhancement Proposal Authors
π©βπ§ Sponsoring Maintainers
(not required)
π OpenVEX Projects
π Specs and Documents
Pull Request open: https://github.com/openvex/community/pull/17
β Enhancement Questions
Does this enhancement propose a change to the OpenVEX project's governance structure?
NO
Does this enhancement propose a breaking change with the upstream VEX design established by the VEX Working Group?
NO
π¬ Discussion Start Date:
OPEVs shall be discussed for no longer than 30 days after which the vote tally will be computed and the proposal will either merge or be rejected.
Start Date: 2023-07-09
π³οΈ Voting Results
Final Enhancement Vote Tally:
Final Enhancement Vote Tally:
π : 3 Votes @lumjjb @wagoodman @puerco (implicit) | non binding: @SecurityCRob
π : 0 Votes
βΉοΈ Voting Instructions:
To vote for this enhancement, maintainers should add a comment with a π emoji to show support or π to reject the enhancement. After voting is over (usually after 30 days), votes will be computed by the project's mantainers and registered in this issue. Refer to GOVERNANCE.md for details on how many votes are required to approve and when voting ends.