Re: Publishing dependency vulnerability information

2022-12-04 Thread David Smiley
Yeah, we want to maintain this in as few places as possible -- ideally one place. But I think it's *adequate* albeit not ideal to have our more pretty/user-consumable documentation refer to a raw file that a user would have to search. We shouldn't let the ideal be the enemy of progress. ~ David

Re: Publishing dependency vulnerability information

2022-11-30 Thread Jan Høydahl
Good thoughts here. I have also thought about possibly moving the list of false positives from wiki to the website. It could be a JSON file or whatever parsable file, and we can parse it in Javascript and output it as a table. At the same time we could offer simple search/filtering both across

Re: Publishing dependency vulnerability information

2022-11-30 Thread Arnout Engelen
On Wed, Nov 30, 2022 at 4:36 PM Mike Drob wrote:
> From my understanding, SBOM are meaningful in the context of a release, not
> necessarily an arbitrary code point. VEX on the other hand could be updated
> between releases as information comes in about new CVEs and such. I think
> that’s an impor

Re: Publishing dependency vulnerability information

2022-11-30 Thread Mike Drob
Hi Arnout, Thanks for starting this conversation, I have had similar thoughts recently but hadn’t put them to action yet. From my understanding, SBOM are meaningful in the context of a release, not necessarily an arbitrary code point. VEX on the other hand could be updated between releases as in