CSAF is exactly what we want with GLSA.
There are already many tools to parse and pretty print the CSAF documents.
Thanks, I'll look into it more. Can you offer to help implement it in Portage?
Not this year, but I can try to help.
There are many ready to use tools around csaf already.
You can also combine it with https://securitytxt.org/
Here is an example:
https://www.bsi.bund.de/.well-known/security.txt
The line
CSAF: https://cert-bund.de/.well-known/csaf/provider-metadata.json
tells where to find the csaf data.
--
Best,
Jonas
