Received: from mail-yb1-f181.google.com (mail-yb1-f181.google.com [209.85.219.181])
	by nld3-dev1.alpinelinux.org (Postfix) with ESMTPS id DEBF17800C1
	for <~alpine/devel@lists.alpinelinux.org>; Thu, 29 Apr 2021 05:21:17 +0000 (UTC)
Received: by mail-yb1-f181.google.com with SMTP id y2so74855547ybq.13
        for <~alpine/devel@lists.alpinelinux.org>; Wed, 28 Apr 2021 22:21:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:from:date:message-id:subject:to;
        bh=xXpMvmSzvuQh4JPXhC78S/+XYb7nUHBJCXpnWbkypOo=;
        b=TVJVEy0qrdSUZG5bn43+AgcrSi7IC1v7EzACG2pMNYlGYb1lvJ4I7DdjwQdX6NI33f
         8GWd7tdmquJd2H2uQSye/oPB0ZVVYf7SvrTVMOr7RD3qudGJQGeZjGvrTDiSIgy57LON
         /NUuBAKeMwgYMfyYwUIkZbsyptMNriV//qevAfLTpbDTM2u/C9NySO2y1Qnfus1QAd5U
         bDF35dYqtLk1d7ThBMee+9xAcRBZIOkr1yoRj0o983HwUqcl6LOomaurj6Hql9xSusou
         syekktS1PaUysAGRh+bn7TLueDOoaYL3tAv7+Jwds0erHUGrS/falvbhOIAa8jQSG0Kj
         3tsg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:from:date:message-id:subject:to;
        bh=xXpMvmSzvuQh4JPXhC78S/+XYb7nUHBJCXpnWbkypOo=;
        b=d8Kspqj57qrAuMtBCpDcjY2Z0GZY7H+8D2oPnMclfcJxrXC8bYZVQRGtthiqOlN9qb
         xFKfiPa5RX8iHeI+RcbaC5B1egAAQKoiXawTXMJXJ1TKj2AfdhGshJIkERgdcglfHhr5
         vdOPixc7/pxbZO2OLaKW9zIx2ZmturD5VTCnvDoEafwjhcd427JsNXXBiTRv8cERXrCz
         AKoJo76IljfFOe2AGfbUu3w2+I7ufvr+KcKRPtO0RJLXZJXeiqDbixKKzIAhNcn4GOcV
         kDykXVZEZd9SNE8IddXzIHGFeaLH2nSSHcDE8KCZVNnfxflhkQTkdMiD9/HzBHnn98Uw
         hifQ==
X-Gm-Message-State: AOAM532HoOOUEus8YN7ocr33Ww2HZU3U4wbsO1mVi01kO+s9hpJtY5IX
	k7uARsp1YdURbokxIAC28UNmMU1OJJNeNrAL2wz0iGfMleM=
X-Google-Smtp-Source: ABdhPJwytrbwUk6JIcAUkdY6rUv0E0hNnY87sl7Uu3OyDBKNq0U2H07MqZ3n/eQeLEKwVcFD3G8rtDVFk3AzsTV2fiY=
X-Received: by 2002:a25:b190:: with SMTP id h16mr37292399ybj.440.1619673676614;
 Wed, 28 Apr 2021 22:21:16 -0700 (PDT)
MIME-Version: 1.0
From: Konstantin Kulikov <k.kulikov2@gmail.com>
Date: Thu, 29 Apr 2021 08:21:05 +0300
Message-ID: <CAD+eXGQuPB7jOPZgOAkEoNiwZvWmi8CGVqrqgxXijW-rPo=RJw@mail.gmail.com>
Subject: A shared vulnerability format for open-source packages
To: ~alpine/devel@lists.alpinelinux.org
Content-Type: text/plain; charset="UTF-8"

Russ Cox of Go language team has drafted a proposal for a shared
vulnerability format for open-source packages with goals to enhance
interoperability between language teams, security researchers, and
cross-language databases.
See google doc [0] and his original tweet [1].

[0] https://docs.google.com/document/d/1sylBGNooKtf220RHQn1I8pZRmqXZQADDQ_TOABrKTpA/edit#heading=h.ss425olznxo
[1] https://twitter.com/_rsc/status/1386682831770988545