[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Automation WG Git Pilot



Based on the handful of positive responses we have received, we will 
temporarily extend the Git pilot. The 8/21 Automation WG meeting will 
have an agenda item to discuss what items should be included in the 
next phase of the pilot, and when that phase should officially begin.

Chris

-----Original Message-----
From: Art Manion [mailto:amanion@cert.org] 
Sent: Thursday, August 10, 2017 10:58 PM
To: Kurt Seifried <kseifried@redhat.com>; Coffin, Chris 
<ccoffin@mitre.org>
Cc: cve-editorial-board-list 
<cve-editorial-board-list@lists.mitre.org>; cve-cna-list 
<cve-cna-list@lists.mitre.org>
Subject: Re: Automation WG Git Pilot

On 2017-08-10 22:32, Kurt Seifried wrote:
> Please keep the git running, submitting in volume is a real pain 
> otherwise. 

>     Does the Board agree with this approach? Additionally, Do any 
> Board members have any suggestions or thoughts on what the next phase 
> plan should include?____

I plan to collect some more input internally, but:

1. API access, does the CoDev/Bitbucket API resemble Github, and what 
would API submissions mean?

2. Branches vs. Forks.  I am far from a git expert, but I'm told that 
git-using CNAs should perhaps all have forks.

3. Official branches.  Could have e.g. stable and fast branches, fast 
branch changes get merged into stable, a consumer can select fast at 
the expense of more changes.

4. I share with Harold and perhaps others the idea that a consumer 
would want to search a particular CNA's entries.  This might lead to a 
completely separate, non-git experiment.  Would CNAs hosting public git 
repos (possibly forks of the main repo) address the search issue?  Or 
would some sort of API be necessary?

 - Art


Page Last Updated or Reviewed: August 21, 2017