Set published date to issued date in OSV data

rustsec / advisory-db

Security advisory database for Rust crates published through crates.io

https://rustsec.org

Other

922 stars 364 forks source link

Set published date to issued date in OSV data #2130

Open andrewpollock opened 2 weeks ago

andrewpollock commented 2 weeks ago

Hello,

@jayvdb reported https://github.com/google/osv.dev/issues/2843 to OSV.dev, but it's really an issue with the source data as published in the RUST Advisory Database, so I wanted to have the discussion on an issue here.

tarcieri commented 2 weeks ago

The only place we currently collect this information is in the git history at the time advisories are issued a RUSTSEC ID.

Perhaps we can add a field for it and start collecting it explicitly.

Shnatsel commented 2 weeks ago

We could make the ID assigner fill in the date. That would be more robust and also less work for the maintainers.