From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 9530C158020 for ; Thu, 10 Nov 2022 04:19:33 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 567E3E0938; Thu, 10 Nov 2022 04:19:30 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 1D919E0930 for ; Thu, 10 Nov 2022 04:19:30 +0000 (UTC) Date: Wed, 9 Nov 2022 22:19:27 -0600 From: John Helmert III To: gentoo-dev@lists.gentoo.org Subject: Re: [gentoo-dev] [RFC] A new GLSA schema Message-ID: References: <2D2DD2C1-019D-4305-A3C1-AAC867D28F50@gentoo.org> <20221110041009.ntkmlsrfi6au4r2o@schiffbauer.net> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="SmuGAVeZXg1ZLWVT" Content-Disposition: inline In-Reply-To: <20221110041009.ntkmlsrfi6au4r2o@schiffbauer.net> X-Archives-Salt: c40ede6c-5198-4656-9cdc-1c8988998fa0 X-Archives-Hash: 4bc626364590b13cde356d5f730faaf8 --SmuGAVeZXg1ZLWVT Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Nov 10, 2022 at 02:10:09PM +1000, Marc Schiffbauer wrote: > * Sam James schrieb am 10.11.22 um 13:58 Uhr: > >=20 > > I think we'd rename impact -> description but description would now > > be "description of the problem" and not "description of the package". >=20 >=20 > +1, but additionally having the short description of the package sounds= =20 > still useful to me, as not always everybody knows what any package is=20 > exactly for and the description will help a lot in telling the=20 > impact/danger of your own infra that might be caused by that package. >=20 > -Marc Are you saying you rely on the background field, which is generally just the package's DESCRIPTION? Maybe glsa-check should just spit out the package's DESCRIPTION then too. --SmuGAVeZXg1ZLWVT Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iHUEABYKAB0WIQQyG9yfCrmO0LPSdG2gXq2+aa/JtQUCY2x7zQAKCRCgXq2+aa/J tSrvAP9TniiCVln/x2HZNNL23tPpi5pBh98j718alrLd/Sq5TQEAyKuC5bLZK26Q e8EJQ7HEhqD0Nb5eMoyWcH9aCpsJPQ4= =dKgF -----END PGP SIGNATURE----- --SmuGAVeZXg1ZLWVT--