[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
Re: CVE ID Syntax Vote - results and next steps
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 2013-04-18 22:34, Booth, Harold wrote:
| I would also add that with an Option B with no leading zeros,
| including less than four digits, a transition of sorts is available
| for the first year (or more) if CVE identifiers started at 1000.
| Until the 9000'th CVE tools would successfully chug along giving
| everyone a bit more transition time. This could allow even more
| time depending on the eventual number of CVEs created. Whereas with
| an Option A with padding there is no such transition, and whatever
| number of digits are agreed to are included in every CVE from the
| beginning (in 2014?).
For the sake of further discussion, by no means an official set of
choices...
Option D: Seven numeric characters with leading zeros.
Option E: Twelve numeric characters, no leading zeros.
Option F: Twelve numeric characters, no leading zeros, starting at
1000 for each year.
Option G: Infinite numeric characters, no leading zeros, starting at
1000 for each year.
I picked 12 because someone suggested 10+. I'm also saying "numeric
characters" to raise the issue of treating everything after "CVE" or
"CVE-YYYY" as a string. Not sure that capping it makes much difference.
Not sure this covers all the recently discussed options.
Also not sure how to handle this situation procedurally? Declare a
mistrial and prepare another ballot, after further discussion?
~ - Art
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (Darwin)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlFwxdoACgkQk/8FEDbCaKOPEgCgnbaNJBjQESDRgZIBfEkbwhGy
ZvkAoKAsHLKb4sYDNP+kd3buSlenErhb
=wcLt
-----END PGP SIGNATURE-----