[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CVE ID Syntax Vote - results and next steps



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


On 2013-04-18 22:34, Booth, Harold wrote:

| I would also add that with an Option B with no leading zeros,
| including less than four digits, a transition of sorts is available
| for the first year (or more) if CVE identifiers started at 1000.
| Until the 9000'th CVE tools would successfully chug along giving
| everyone a bit more transition time. This could allow even more
| time depending on the eventual number of CVEs created. Whereas with
| an Option A with padding there is no such transition, and whatever
| number of digits are agreed to are included in every CVE from the
| beginning (in 2014?).

For the sake of further discussion, by no means an official set of
choices...

Option D:  Seven numeric characters with leading zeros.

Option E:  Twelve numeric characters, no leading zeros.

Option F:  Twelve numeric characters, no leading zeros, starting at
1000 for each year.

Option G:  Infinite numeric characters, no leading zeros, starting at
1000 for each year.

I picked 12 because someone suggested 10+.  I'm also saying "numeric
characters" to raise the issue of treating everything after "CVE" or
"CVE-YYYY" as a string.  Not sure that capping it makes much difference.

Not sure this covers all the recently discussed options.

Also not sure how to handle this situation procedurally?  Declare a
mistrial and prepare another ballot, after further discussion?


~ - Art
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (Darwin)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlFwxdoACgkQk/8FEDbCaKOPEgCgnbaNJBjQESDRgZIBfEkbwhGy
ZvkAoKAsHLKb4sYDNP+kd3buSlenErhb
=wcLt
-----END PGP SIGNATURE-----


Page Last Updated or Reviewed: October 03, 2014