> On 11 Nov 2022, at 22:40, Sam James <s...@gentoo.org> wrote: > > > >> On 11 Nov 2022, at 22:06, Gordon Pettey <petteyg...@gmail.com> wrote: >> >> On Thu, Nov 10, 2022 at 6:27 PM John Helmert III <a...@gentoo.org> wrote: >> On Thu, Nov 10, 2022 at 09:49:27PM +0100, Jonas Stein wrote: >>> On 10/11/2022 03:27, John Helmert III wrote: >>>> The first GLSA in glsa.git is GLSA-200310-03, the third GLSA of >>>> October 2003. It used roughly the same format of the GLSAs we release >>>> today, in 2022, making that format almost as old as me. >>> >>> IFF we change the format, we should not invent a new standard [1] but >>> use existing one like CSAF [2] >>> >>> [1] https://imgs.xkcd.com/comics/standards.png >>> [2] https://oasis-open.github.io/csaf-documentation/ >> >> We're not inventing a new "standard", we're upgrading the format we use >> to distribute GLSAs. >> >> Standard, format, semantics. You are producing a new schema in a field where >> at least one usable (and already-improved?) schema exists. NIH? > > Can you point to a format which would support using our ebuild operators > & syntax rather than making a (very) vague suggestion? > > See also ajak's point about being the one to implement it, in lieu > of volunteers.
Oh I see, I'd missed the actual link to CSAF, sorry. I'll take a look. It's not clear to me yet if this is going to be a good fit for distributions though, as we're not a normal "vendor". Are you aware of any other Linux distros using this?
signature.asc
Description: Message signed with OpenPGP
