On Wed, 21 Aug 2019 at 09:31, Mark Cox <m...@apache.org> wrote: > > Okay, I created a PR for it! https://github.com/apache/whimsy/pull/73 and
Thanks. Had a quick look. Many of the files have very long lines, so will be difficult to maintain. Also there is no indication of the source of the code and its license. Given that the tool requires a login, it could pre-populate the email address(es). > hope we can integrate it in time for the ApacheCon security BoF When is that? > Thanks, Mark > > On Wed, Aug 7, 2019 at 9:05 AM Mark Cox <m...@apache.org> wrote: > > > Hi all! > > > > Many of our projects struggle with the format of creating Mitre CVEs and > > various text representations of vulnerabilities needed for public mailing > > lists as per our security policy. > > > > But, one of the CVE automation working group members has been working on a > > nice javascript tool that simplifies all this ( > > https://vulnogram.github.io/), and I'm working with it and him on making > > it so we can do an easy customisation to guide ASF projects through the > > process. > > > > The tool runs standalone just static content once built (it may pull from > > /public jsons too) so I'd really just need somewhere I can commit to that > > appears under whimsy. In the future the tool may even be able to submit > > direct to Mitre so it'd make sense to start it with requiring /committer/ > > access to run it. > > > > So this could be as simple as agreeing a location and allowing me to > > update things there? > > > > Mark > >
