[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
cve container tags micro agenda
- To: cve-editorial-board-list <cve-editorial-board-list@lists.mitre.org>
- Subject: cve container tags micro agenda
- From: Kurt Seifried <kurt@seifried.org>
- Date: Wed, 18 Oct 2017 11:56:22 -0600
- Authentication-results: spf=none (sender IP is 129.83.29.3) smtp.mailfrom=LISTS.MITRE.ORG; mitre.mail.onmicrosoft.com; dkim=none (message not signed) header.d=none;mitre.mail.onmicrosoft.com; dmarc=none action=none header.from=seifried.org;
- Delivery-date: Wed Oct 18 14:01:28 2017
- List-help: <mailto:LISTSERV@LISTS.MITRE.ORG?body=INFO%20CVE-EDITORIAL-BOARD-LIST>
- List-owner: <mailto:CVE-EDITORIAL-BOARD-LIST-request@LISTS.MITRE.ORG>
- List-subscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-subscribe-request@LISTS.MITRE.ORG>
- List-unsubscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-unsubscribe-request@LISTS.MITRE.ORG>
- Sender: <owner-cve-editorial-board-list@lists.mitre.org>
- Spamdiagnosticmetadata: 5952c28dcc454f0789fb433d26f936ef
- Spamdiagnosticoutput: 1:2
Tags Container for CVE entries:
Must:
Must specify some origin/name space
Must specify some tag value(s)
Optional:
Optional: can specify a tag version # (this can be a number, version #, date string)
Optional: can specify some language value for tag(s) (default eng?)
Possibile Option:
Possible Optional: can specify a value for the tag (so you can have a key pair store? Do we allow multiple values? Sort of a sub tag? e.g. "license":"GPLv2" which helps gives context)
Please note that tags can occur at multiple places, e.g. globally, within an affects, etc, like the other containers so some degree of access control will take place based on this most likely (e.g. I’m inclined to let Red Hat do whatever tags they want in a Red Hat vendor section vs. Allowing some random person to do so).
Questions for operations:
Do we allow someone to add tags from MITRE’s name space for example, or can only MITRE do that? I think we have to let people use other peoples tags ior we would have a proliferation of tag name spaces that overlap.
Can a namespace (e.g. DWF) declare that anyone can add tags? Do we have a free for all community tag section?
kurt@seifried.org
- Follow-Ups:
- Re: cve container tags micro agenda
- From: Kurt Seifried <kurt@seifried.org>
- Re: cve container tags micro agenda
- Prev by Date: Re: indistinguishable CVEs Re: [oss-security] Berkeley DB reads DB_CONFIG from cwd
- Next by Date: Re: cve container tags micro agenda
- Previous by thread: Re: indistinguishable CVEs Re: [oss-security] Berkeley DB reads DB_CONFIG from cwd
- Next by thread: Re: cve container tags micro agenda
- Index(es):
