> On 12 Nov 2022, at 00:04, Gordon Pettey <petteyg...@gmail.com> wrote: > > On Fri, Nov 11, 2022 at 4:43 PM Sam James <s...@gentoo.org> wrote: > > Oh I see, I'd missed the actual link to CSAF, sorry. > > I'll take a look. It's not clear to me yet if this is going to be a good > fit for distributions though, as we're not a normal "vendor". > > Are you aware of any other Linux distros using this? > > Red Hat has it in "beta": https://access.redhat.com/security/data, and has > had the prior OASIS format (CVRF) for a time, which they (Red Hat) will be > deprecating in 2023-01. There is also VEX, which is (I think, didn't read the > detailed spec) a subset of CSAF.
Thanks, that's rather helpful. We'll look into this.
signature.asc
Description: Message signed with OpenPGP
