[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CVE ID Syntax - Seeking Suggestions for Outreach

On Thu, Apr 03, 2014 at 09:04:11AM -0400, Pascal Meunier wrote:

| I expect most customers will get engaged only when something breaks.
| I think it would be most useful to publicize the switch and send notices
| just before you run out of old format IDs.  What "just before" means
| could be "1 week" but is of course debatable.

I think Pascal nails it here: we will get incremental value from
additional rounds of PR, but at some level, there will be folks who
don't feel a need to act until there's a need.

So allow me to advocate for "propaganda through action": issue a single
CVE soon which is intended to stress the toolchains.  Make it a real
CVE, so that the customers have a way to check if their toolchains
really work.

I'll further advocate that this should be done soon, and should be the
focus of the new round of PR.


PS:  I don't actually know if this a good idea, but wanted to
throw it out for consideration.

Join my mailing list, and be the first to hear about my new projects!

Page Last Updated or Reviewed: October 03, 2014