Hello,

Would Debian be interested in being the first Linux distribution to publish vulnerability advisories in the OSV format[1]?

I’m working on osv.dev[2] in my day job, and was interested in Debian being the first Linux distribution to publish OSV records for its security advisories.

I am shortly going to start the DEP process, but wanted to reach out directly first to get your initial thoughts.

I’ve spent some time familiarising myself with the current advisory publication process[3], and can elaborate on my initial implementation thoughts in the DEP, and here if you like. My intent had been to contribute to the implementation.

regards

Andrew

[1] https://ossf.github.io/osv-schema/
[2] https://osv.dev/
[3] https://wiki.debian.org/DebianSecurity/AdvisoryCreation/SecFull