feat(osv-schema): Add missing LINUX prefix #286

Closed
wants to merge 1 commit into from

andrewpollock
Collaborator

Not currently in production use, but OSV.dev has a test case using it.

Missed when generating the regex because it's absent from https://ossf.github.io/osv-schema/#id-modified-fields (should it be?)

(This made me go and research how the Linux Kernel CVEs are generated)

@oliverchang
Contributor

I don't think we have any plans from any sources to publish LINUX- entries today. That one in the OSV.dev repo is a completely made-up one.

@andrewpollock
Collaborator Author

> I don't think we have any plans from any sources to publish LINUX- entries today. That one in the OSV.dev repo is a completely made-up one.

In the interests of consistency and correctness, should we:

  • adjust this PR to remove the Linux kernel from the schema entirely?
    • and then remove the OSV.dev test case?
  • merge this PR?

@oliverchang
Contributor

> > I don't think we have any plans from any sources to publish LINUX- entries today. That one in the OSV.dev repo is a completely made-up one.
>
> In the interests of consistency and correctness, should we:
>
>   • adjust this PR to remove the Linux kernel from the schema entirely?

Do you mean the "Linux" ecosystem? That's always been valid, and historically advisories for it have been published under a different prefix (GSD-).

>   • and then remove the OSV.dev test case?

We can just rename the OSV.dev testcase to an existing prefix? e.g. GSD or CVE?

>   • merge this PR?

@andrewpollock
Collaborator Author

> Do you mean the "Linux" ecosystem? That's always been valid, and historically advisories for it have been published under a different prefix (GSD-).

Sorry, yes.

It turns out the ecosystem gets a mention under the ecosystems at https://ossf.github.io/osv-schema/#affectedpackage-field but not the ID prefixes at https://ossf.github.io/osv-schema/#id-modified-fields, which is why it was omitted when I generated the regex (I worked off the ID prefix list only).

> We can just rename the OSV.dev testcase to an existing prefix? e.g. GSD or CVE?

Sure, I'll close this PR. It turns out that Wolfi is completely missing from https://ossf.github.io/osv-schema/#affectedpackage-field so I'm going to need to send another PR to correct that situation.
