[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
RE: Candidate numbering scheme
>If N will become the CVE-N, I think this will work fine.
>Otherwise, we need to add references to CAN-NETECT-19990514A
>to CVE-00666 to reference the discussion that lead to its
>acceptance.
Um, so that means that "CAN-NETECT-19990514A" would become CVE-A,
wouldn't it?...;-]
Let's assume that NTBugtraq is assigned the <id> of "01". A candidate
proposal from me today would then get;
CAN-01-1999051401
another, later today, would get;
CAN-01-1999051402
and so on. One tomorrow would get;
CAN-01-1999051501
and the last number would start to increment again.
This works well if CAN-01-1999051401 becomes CVE-01-1999051401 when and
if its accepted as a CVE. I do not think it should get some other
number, or else we'll have to include a reference to the CAN number in
the CVE.
This allows everyone to assign numbers as needed without having to use
any central numbering system or wait for someone to respond. It allows
people to assign the number internally before disclosing it to the
CVE-review list. It make the CAN number directly and obviously
associated to the CVE number (when/if accepted) and makes revisions to
any internal dBs far less work.
The CVE numbers would always increment (meaning they wouldn't be lower
than any that came before it).
I vote for this numbering mechanism.
Cheers,
Russ - NTBugtraq Editor