Closed Foxboron closed 3 years ago
👍 Yeah makes sense to me, their FAQ has the format reference:
CVE prefix + year + sequence number digits
Reference MITRE CVE FAQ
Ah, I did find the news about the new format now: https://cve.mitre.org/news/archives/2014/news.html#jan152014_New_CVE_ID_Format_in_Effect_as_of_January_1_2014
Arguably 7 digits isn't enough either. I wonder if just specifying {4,99} (or something like that) would further futureproof the schema?
Yeah, 99 or I think if you leave it empty {4,} it would be unbounded. Up to you!
Went with {4,}. I reckon it's cleaner. Thanks :)
How do we get this merged? I have a suspicion there aren't enough people with write access.
I have an internal project I'm going to start using this schema for (and probably suggest some changes). I want to see this change merged but also have a path forward for getting things merged that doesn't require hassling @MarcinHoppe :)
@joshbressers thanks for the ping! Looks like there are no objections so I will merge.
Currently adding people to the ossf org is a manual process, but I will ensure that all current members of the WG are added.
Thanks :)
I don't see any guidelines for how these patches should be done, but PR so I don't forget about it :smile:
The current schema only matches 5 digits in the sequence length, however MITRE defines this to be "four or more digits" [1]. The longest I have observed is 7 digits [2], which is also an example on the website. This patch ensures we cover this range of known CVE IDs.
Signed-off-by: Morten Linderud morten@linderud.pw
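
Added example, not part of the thread or the project's code: it compares the sequence-number quantifiers discussed above on constructed IDs, and shows what changes when the pattern is searched for instead of matched against the whole string. The three patterns and the `accepted` helper are assumptions, since the schema's actual regex is not shown in the thread.

```python
import re

# Assumed patterns: the schema's real regex is not shown in the thread.
# They differ only in the sequence-number quantifier under discussion.
# [0-9] is used instead of \d, which in Python also matches non-ASCII digits.
PATTERNS = {
    "five_only": r"CVE-[0-9]{4}-[0-9]{5}",        # five digits only, as the PR describes the old schema
    "four_to_seven": r"CVE-[0-9]{4}-[0-9]{4,7}",  # bounded at the longest length observed
    "four_or_more": r"CVE-[0-9]{4}-[0-9]{4,}",    # quantifier the PR settled on
}

# Constructed sample identifiers (not taken from any real feed).
SAMPLES = [
    "CVE-2014-0001",       # 4-digit sequence, the minimum
    "CVE-2014-12345",      # 5 digits
    "CVE-2014-1234567",    # 7 digits
    "CVE-2014-123456789",  # 9 digits, a hypothetical future length
    "CVE-2014-123",        # too short
    "CVE-14-12345",        # 2-digit year
    "cve-2014-12345",      # lowercase prefix
    "CVE-2014-12345\n",    # trailing newline
    "xCVE-2014-12345",     # leading junk
]


def accepted(name, ids=SAMPLES, anchored=True):
    """Return the ids that the named pattern accepts.

    anchored=True requires the whole string to match (re.fullmatch).
    anchored=False mimics a validator that only searches for the pattern.
    """
    rx = re.compile(PATTERNS[name])
    match = rx.fullmatch if anchored else rx.search
    return [i for i in ids if match(i)]


if __name__ == "__main__":
    for name in PATTERNS:
        for anchored in (True, False):
            mode = "anchored" if anchored else "search"
            print(f"{name:14} {mode:9} {accepted(name, anchored=anchored)!r}")
```

Searched without anchoring, even the five-digit pattern accepts longer IDs and strings with surrounding junk, so the quantifier only constrains length when the whole string must match.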