ossf / osv-schema

Open Source Vulnerability schema.
https://ossf.github.io/osv-schema/
Apache License 2.0

add clarity around distros' use of aliases #250

Closed luhring closed 1 month ago

luhring commented 2 months ago

Coming out of https://github.com/google/osv.dev/issues/2374#issuecomment-2218339823, wanted to suggest some potential wording improvements to help the next Linux distro that comes along better understand how the aliases field should and should not be used.

I welcome any feedback, and I'm not sure I've captured the sentiment perfectly.

One particular callout: this PR removes an existing sentence (below) that we struggled to wrap our heads around. If there's something that this was trying to convey that's lost in my PR, I'd love to better understand it.

> Aliases may be used for vulnerabilities affecting different packages or ecosystems as long as they follow this definition.

cc: @michaelkedar @andrewpollock @cpanato

oliverchang commented 1 month ago

CC @chrisbloom7 and @rsc in case you have thoughts!