|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
REF URL require ToU/Conduct policy
- To: cve-editorial-board-list <cve-editorial-board-list@mitre.org>
- Subject: REF URL require ToU/Conduct policy
- From: Kurt Seifried <kurt@seifried.org>
- Date: Thu, 21 Jun 2018 19:07:32 -0600
- Authentication-results: spf=softfail (sender IP is 198.49.146.235) smtp.mailfrom=seifried.org; imc.mitre.org; dkim=fail (signature did not verify) header.d=seifried-org.20150623.gappssmtp.com;imc.mitre.org; dmarc=none action=none header.from=seifried.org;
- Delivery-date: Fri Jun 22 07:41:51 2018
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seifried-org.20150623.gappssmtp.com; s=20150623; h=mime-version:from:date:message-id:subject:to; bh=W78OION868LrErqvdfhRl5SWmEUIz821egveJSlAdgg=; b=s1FZCY3f77bpNxHSVl+FJVqIsNr9+cTw/mSnZmIjxtL54x96ydXLq1cMvMgDG2qKa9 7F8nxISzLL7ukJOJAwdRDqH32l9uL6YDCQLWQJDa1RT2sN3UgKRMyNnS63QUhngnkxMD jd26C/JMmR2sunXeaepx96ceSymIbsKLKj3IRjvy89L+JR/n4KG2qd7RyTFIB0uAOqX7 09ixyA4XdOqwdus4aIzssjMantdB6gCho2mkWOlw1EPdKZTOJ9UZGGfzi0GhBkWrB4bJ MJGABf4l/Wtq6cm5E1pJqkw5txGB3diPjZXnIM6VbUqc//MLX/CnR6c+igTm5T1ndf14 bPAg==
- Spamdiagnosticmetadata: NSPM
- Spamdiagnosticoutput: 1:99
So real world example I have a CVE request which has a reference url:
Which... I dunno. I don't want links that require logins (because you can't grab them with tools easily), and I feel like this is the same, and also requiring people to agree to a ToU (that for example maybe requires you to give up your first born) is not really kosher.
--
the requires:
Google IssueTracker Terms of Service
I acknowledge and agree to the Google Terms of Service and the Google IssueTracker Conduct Policy.
So I'd like to add to the CVE/CNA docs discussion:
can we get ruling on reference URL's, specifically:
1) Reference MUST/MUST NOT/SHOULD/SHOULD NOT/etc... require a login of any sort (even a free login)
2) Reference MUST/MUST NOT/SHOULD/SHOULD NOT/etc... require acceptance of ToU/Conduct Policy/etc.
In my mind I should be able to "wget http://example.org/refurl/" and get the page. Anything less is not acceptable. But I also think the board should discuss this and rule on it and document it.
Kurt Seifried
kurt@seifried.org
kurt@seifried.org
- Follow-Ups:
- Re: REF URL require ToU/Conduct policy
- From: Pascal Meunier <pmeunier@cerias.purdue.edu>
- Re: REF URL require ToU/Conduct policy
- Prev by Date: CVE Board Meeting Summary - 13 June 2018
- Next by Date: Re: REF URL require ToU/Conduct policy
- Previous by thread: CVE Board Meeting Summary - 13 June 2018
- Next by thread: Re: REF URL require ToU/Conduct policy
- Index(es):