A note on in JSON changelog/sigantures

To: cve-editorial-board-list <cve-editorial-board-list@lists.mitre.org>
Subject: A note on in JSON changelog/sigantures
From: Kurt Seifried <kseifried@redhat.com>
Date: Tue, 27 Feb 2018 13:31:22 -0700
Authentication-results: spf=none (sender IP is 192.52.194.235) smtp.mailfrom=LISTS.MITRE.ORG; imc.mitre.org; dkim=none (message not signed) header.d=none;imc.mitre.org; dmarc=fail action=none header.from=redhat.com;
Delivery-date: Tue Feb 27 15:57:08 2018
List-help: <mailto:LISTSERV@LISTS.MITRE.ORG?body=INFO%20CVE-EDITORIAL-BOARD-LIST>
List-owner: <mailto:CVE-EDITORIAL-BOARD-LIST-request@LISTS.MITRE.ORG>
List-subscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-subscribe-request@LISTS.MITRE.ORG>
List-unsubscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-unsubscribe-request@LISTS.MITRE.ORG>
Sender: <owner-cve-editorial-board-list@lists.mitre.org>
Spamdiagnosticmetadata: 5952c28dcc454f0789fb433d26f936ef
Spamdiagnosticoutput: 1:2

This is one of the reasons I'm opposed to in JSON changelog/signatures and instead would just rather use git commits/notes and signatures:

https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations

TL;DR: any spec like this will let people do things a bit differently and thus wrong.

Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: secalert@redhat.com

Prev by Date: Example Page Organization for CNA List
Previous by thread: Example Page Organization for CNA List
Index(es):
- Date
- Thread

Page Last Updated or Reviewed: February 27, 2018

Use of the CVE® List and the associated references from this website are subject to the terms of use. CVE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Copyright © 1999–2024, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation.