New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Coordination/cross pollination with CVE JSON format #113
Comments
I'll follow up over email :) |
Ok so one question would be around using resource urls, e.g. the RedHat-RPM:some-rpm-1.2.3-5.el7.x86_64.rpm and so on. Each name space would have defined rules, e.g.: "full file name of RPM supplied by RedHat" or "organization or username, a slash and then repo name in github.com" for example. Generally speaking I imagine namespaces would be defined by either the "owner" of the namespace (e.g. Red Hat/Github) or by the CVE people (board or a working group I guess, details TBD) if it has enough value and the owner isn't available/interested. My question would be why did you go with a URI format? Is it defined somewhere? Who decides the namespace names/values/rules/etc? Thanks |
#65 is open for moving resourceUrl to the purl spec - #65. It seems like your suggestion is similar but different for purl. Its probably worthwhile to review the purl spec and leave comments in #65 or on the spec itself is you see issues here. I believe for our beta version we'll adopt purl, so far there haven't been objections to that format. |
Hi, I'm looking for the person(s) to talk to about coordinating and bouncing ideas around with respect to the JSON data format you are using, and the JSON CVE data format (which I'm largely to blame for =). I can be reached via email at kurt@seifried.org, I apologize for using the issues to contact you but it wasn't clear from the commits who is best to talk to), thanks.
The text was updated successfully, but these errors were encountered: