Received: from mail-yb1-f173.google.com (mail-yb1-f173.google.com [209.85.219.173])
	by nld3-dev1.alpinelinux.org (Postfix) with ESMTPS id A37BB782CFE
	for <~alpine/devel@lists.alpinelinux.org>; Thu, 29 Apr 2021 12:45:58 +0000 (UTC)
Received: by mail-yb1-f173.google.com with SMTP id p126so24659082yba.1
        for <~alpine/devel@lists.alpinelinux.org>; Thu, 29 Apr 2021 05:45:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc:content-transfer-encoding;
        bh=do/BClbRclv+ETq6RYIkMYfQdwbPt5XYIryfLnW1SRY=;
        b=laIDgiNGgk4EuEVS2Jw4ooJ/Kao13SkT3V7BENNE2WcmqHFJ0KHeogGFqQaIVsF4Ov
         PzhPGS0/6E1+uyTDV+R7nIQLnzpL4rV0Hwdk5h87u5WEpGCYRdPTGFwiDP++PW1SuJec
         f14pl+c1WQu4L8hmPOFpPTB5hntBglxAIHqpa/hgkba1h6j6AGkIO/oTYUKBVV3ZJaBU
         GBGMMqgbxnT4pdcNxUeJSlj9lJAd/douoNBw5NwMaTmbEr1ySAAwfS0CO780MnmsV6gK
         ZEwXehAWjrYsmIG1JCq1jOn14jaMzG8u26GewnTfEPAZDhXkYeIWPWnSLUByUr+vXVyv
         MgpQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc:content-transfer-encoding;
        bh=do/BClbRclv+ETq6RYIkMYfQdwbPt5XYIryfLnW1SRY=;
        b=ZtZ/Pdz/47dFuLXu8cAswjJB8AyHh4ioLUIbTT9VdIGXjq+PUa5pmTWIzIzMCmMxiY
         msmK1v3xpRKfOq5LtlZoOYHfur2wEhTV3QBTvThoM7EQKIiM/AJmvrK6JXQ5s07ma74J
         PWo053Flup8NCaKJ4kGi+CrbdJgCkZ7ENRZ8Fe3Y7XgN8v4C4ClF0wvvY8Ek9vwn+VkU
         zkl934QsNoEv8Pp/mtxMJhxP0qeYW95SDxPDtcj49wT+oBMxXkv1rpHZNQRB69YDe8x6
         bU4iDAc167UP0IuKFs1Yb+TPwukYQdor8UDUQ8kdR5WcjKSJ2Jjask0z0BPVjiB8OVJ3
         nhpA==
X-Gm-Message-State: AOAM530x79eZaGmzvTSgBN63uJrC+GXmmOg7FQ2b2Bn8v74XUzk0KtWS
	QX0nnsJ5Ft6RZOALuRK0yB03rS8BZnd42aR4cQo=
X-Google-Smtp-Source: ABdhPJz2D1lX16FsEyV04hitSBJP32Y8VtkIhb7i4/47mg8/qMDEE3z79n7yjuJP2QgtLDCB3bUCftZYv/2EcwSpujk=
X-Received: by 2002:a25:b190:: with SMTP id h16mr39517772ybj.440.1619700357626;
 Thu, 29 Apr 2021 05:45:57 -0700 (PDT)
MIME-Version: 1.0
References: <CAD+eXGQuPB7jOPZgOAkEoNiwZvWmi8CGVqrqgxXijW-rPo=RJw@mail.gmail.com>
 <309a2660-f22-4a97-2ad5-305f41ba744@dereferenced.org>
In-Reply-To: <309a2660-f22-4a97-2ad5-305f41ba744@dereferenced.org>
From: Konstantin Kulikov <k.kulikov2@gmail.com>
Date: Thu, 29 Apr 2021 15:45:46 +0300
Message-ID: <CAD+eXGSX5+mPNZHP0XxbK9iPHf4Q2+AfgT7ygrby=2JuQ+UQ+w@mail.gmail.com>
Subject: Re: A shared vulnerability format for open-source packages
To: Ariadne Conill <ariadne@dereferenced.org>
Cc: ~alpine/devel@lists.alpinelinux.org
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

> Maybe we can get everyone together in ##distro-security to talk about thi=
s
> and organize something?

I'm not involved in this work, just thought it would be useful for alpine.

From the doc:
>This format is still in early stages, a work in progress. Feedback from ma=
intainers of other vulnerability databases is most welcome. Please feel fre=
e to add comments directly to the doc (preferred) or to mail rsc@google.com=
. Once we have some confirmation that the approach is viable and adoptable =
(perhaps after further modifications), we intend to move this document to a=
n appropriate permanent home.