Re: CVE ID Syntax change - Round two vote results and comments
On Thu, 23 May 2013, security curmudgeon wrote:
> I would like to know why MITRE made an executive decision for 8
> digits when that was not clearly the concensus of the discussion. This
> type of choice seems to defeat the stated purpose of the editorial board.
The Board was given notice of an 8 digit option, and asked to comment, an
entire week before the second vote began.
On Tuesday, April 30, we posted a message "Second round of discussion and
voting for new CVE ID Syntax" to the Editorial Board, in which we
specifically suggested a year plus 8 digits:
The only response was from Kent Landfield, showing support for our
proposal and bringing up a separate topic.
Since there were no additional comments, but it was apparent that our
email went out to the list, we then proceeded with the vote according to
>2. The question that has been put to MITRE at least once, if not more,
>that has gone unanswered is more troubling.
Speaking only for myself, I was reluctant to draw too much attention to
the fact that we gave a week's notice to the Board, and only one person