From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 055E4158020 for ; Fri, 11 Nov 2022 00:27:37 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 2C889E0A76; Fri, 11 Nov 2022 00:27:33 +0000 (UTC) Received: from smtp.gentoo.org (woodpecker.gentoo.org [140.211.166.183]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id DA917E09C4 for ; Fri, 11 Nov 2022 00:27:32 +0000 (UTC) Date: Thu, 10 Nov 2022 18:27:30 -0600 From: John Helmert III To: gentoo-dev@lists.gentoo.org Subject: Re: [gentoo-dev] [RFC] A new GLSA schema Message-ID: References: <626eaf6c-f41e-3dfd-2750-39c4522175c1@gentoo.org> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="E1AoU9S53tSQWqBz" Content-Disposition: inline In-Reply-To: <626eaf6c-f41e-3dfd-2750-39c4522175c1@gentoo.org> X-Archives-Salt: 1e34ba4a-7041-4a64-a3a3-9ef99f0653ed X-Archives-Hash: 8f0d68796261d614fa8fcffd311c8b3c --E1AoU9S53tSQWqBz Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Nov 10, 2022 at 09:49:27PM +0100, Jonas Stein wrote: > On 10/11/2022 03:27, John Helmert III wrote: > > The first GLSA in glsa.git is GLSA-200310-03, the third GLSA of > > October 2003. It used roughly the same format of the GLSAs we release > > today, in 2022, making that format almost as old as me. >=20 > IFF we change the format, we should not invent a new standard [1] but=20 > use existing one like CSAF [2] >=20 > [1] https://imgs.xkcd.com/comics/standards.png > [2] https://oasis-open.github.io/csaf-documentation/ We're not inventing a new "standard", we're upgrading the format we use to distribute GLSAs. Besides, what would this actually mean for us? Are you volunteering to help implement a transition? > --=20 > Best, > Jonas >=20 >=20 --E1AoU9S53tSQWqBz Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iHUEABYKAB0WIQQyG9yfCrmO0LPSdG2gXq2+aa/JtQUCY22W8AAKCRCgXq2+aa/J tZGyAP9IZ0LtkAx54IVoYnuIBU5xSwikznNi6H4dpZCkFZDxswEAshmG5E7HzvQe qom3eR/giSvJMrYoYw3lXdVqOuH6FAM= =2Lzz -----END PGP SIGNATURE----- --E1AoU9S53tSQWqBz--