From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 13BDC158020 for ; Sat, 12 Nov 2022 00:06:40 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id BDF65E0A9F; Sat, 12 Nov 2022 00:06:37 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 8672BE09E0 for ; Sat, 12 Nov 2022 00:06:37 +0000 (UTC) From: Sam James Content-Type: multipart/signed; boundary="Apple-Mail=_07C697CB-ADD3-4AA3-A538-B3CFDD6836E5"; protocol="application/pgp-signature"; micalg=pgp-sha512 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.200.110.1.12\)) Subject: Re: [gentoo-dev] [RFC] A new GLSA schema Date: Sat, 12 Nov 2022 00:06:21 +0000 References: <626eaf6c-f41e-3dfd-2750-39c4522175c1@gentoo.org> <62C57F52-AAF6-4105-9276-EA5CAAEABB7E@gentoo.org> <018B23C1-7F65-4D99-A2E0-03B5280918FC@gentoo.org> To: gentoo-dev@lists.gentoo.org In-Reply-To: Message-Id: X-Mailer: Apple Mail (2.3731.200.110.1.12) X-Archives-Salt: bee12146-c8fa-42d3-bcd2-5acb7bf04fb7 X-Archives-Hash: 627a16c234fcd4558204a59c8094f11b --Apple-Mail=_07C697CB-ADD3-4AA3-A538-B3CFDD6836E5 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii > On 12 Nov 2022, at 00:04, Gordon Pettey wrote: >=20 > On Fri, Nov 11, 2022 at 4:43 PM Sam James wrote: >=20 > Oh I see, I'd missed the actual link to CSAF, sorry. >=20 > I'll take a look. It's not clear to me yet if this is going to be a = good > fit for distributions though, as we're not a normal "vendor". >=20 > Are you aware of any other Linux distros using this? >=20 > Red Hat has it in "beta": https://access.redhat.com/security/data, and = has had the prior OASIS format (CVRF) for a time, which they (Red Hat) = will be deprecating in 2023-01. There is also VEX, which is (I think, = didn't read the detailed spec) a subset of CSAF. Thanks, that's rather helpful. We'll look into this. --Apple-Mail=_07C697CB-ADD3-4AA3-A538-B3CFDD6836E5 Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP -----BEGIN PGP SIGNATURE----- iNUEARYKAH0WIQQlpruI3Zt2TGtVQcJzhAn1IN+RkAUCY27jf18UgAAAAAAuAChp c3N1ZXItZnByQG5vdGF0aW9ucy5vcGVucGdwLmZpZnRoaG9yc2VtYW4ubmV0MjVB NkJCODhERDlCNzY0QzZCNTU0MUMyNzM4NDA5RjUyMERGOTE5MAAKCRBzhAn1IN+R kOkuAQCQP1pYFrSviwnbQ4g0rg/p9JVzcU5iXfVF+WIj1vzyVwEAikQBzYS4qIeH SI1/SyKKknxd9hDcwpwryRHDKy5TnAs= =TTkt -----END PGP SIGNATURE----- --Apple-Mail=_07C697CB-ADD3-4AA3-A538-B3CFDD6836E5--