We currently publish CVSSv2 scores for scoring security advisories. Since we started using CVSSv2, a revised standard, CVSSv3, has been released.
Should we migrate to CVSSv3? I.e., start computing CVSSv3 scores for security advisories? --- Andreas reports distros downstream are migrating to CVSSv3 and would rather upstreams did, too. I don't have an opinion on this; I'm not familiar with the new standard. Cheers, Daniel
