Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Indicate that "CSAF aggregator" can also list instead of mirror #470

Closed
bernhardreiter opened this issue Mar 2, 2022 · 1 comment · Fixed by #450
Closed

Indicate that "CSAF aggregator" can also list instead of mirror #470

bernhardreiter opened this issue Mar 2, 2022 · 1 comment · Fixed by #450
Assignees
@tschmidtb51
Labels
CS02 Defects of CS01 with fixes targeting CS02 editor-revision already worked on in the editor revision

Comments

@bernhardreiter
Copy link
Contributor

When reading https://docs.oasis-open.org/csaf/csaf/v2.0/csaf-v2.0.html it is slightly unclear what it means for an CSAF Aggregator of category aggregator to satisfy requirement 21 (List of CSAF providers).

What I know from @tschmidtb51 is that it is a use case for a csaf_providers to leave out the mirror attribute which makes it a provider that is just listed instead of mirrored. The schema allows for this, but

  • Example 111 has a mirror in both entries
  • 7.2.5 states that it lists a mirror for at least two disjoint issuing parties pointing to a domain under its own control.

So would it be still an CSAF Aggregator, if it only lists two providers, but mirrors one? Not from the 7.2.5 rule.

Suggestion:

  • add a third provider to Example 111 without mirror
  • Add a sentence to either requirement 23 or 7.2.5 that a mirror can also list providers.
tschmidtb51 added a commit to tschmidtb51/csaf that referenced this issue Mar 2, 2022
@tschmidtb51
CSAF aggregator
5b5dd0e 
- resolves oasis-tcs#470
- clarify that a CSAF aggrgator can also list issuing parties that it does not mirror
@tschmidtb51
Copy link
Contributor

So would it be still an CSAF Aggregator, if it only lists two providers, but mirrors one? Not from the 7.2.5 rule.

That is intended :-)

I added a PR clarifying that in 7.2.5.

@tschmidtb51 tschmidtb51 mentioned this issue Mar 2, 2022
Merged
@tschmidtb51 tschmidtb51 self-assigned this Mar 2, 2022
tschmidtb51 added a commit to tschmidtb51/csaf that referenced this issue Mar 2, 2022
@tschmidtb51
Mirror vs. listing
6dbbbd5 
- addresses parts of oasis-tcs#470
- clarify what should happend when `false` in `list_on_CSAF_aggregators` and `true` in `mirror_on_CSAF_aggregators`
@tschmidtb51 tschmidtb51 mentioned this issue Mar 2, 2022
Merged
@tschmidtb51 tschmidtb51 added CS02 Defects of CS01 with fixes targeting CS02 editor-revision already worked on in the editor revision labels Mar 2, 2022
@tschmidtb51 tschmidtb51 mentioned this issue Mar 2, 2022
Merged
@tschmidtb51 tschmidtb51 linked a pull request Mar 2, 2022 that will close this issue
Editor revision 2022 02 23 #450
Merged
@bernhardreiter bernhardreiter mentioned this issue Mar 2, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tschmidtb51 tschmidtb51

Labels
CS02 Defects of CS01 with fixes targeting CS02 editor-revision already worked on in the editor revision
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Editor revision 2022 02 23 oasis-tcs/csaf
2 participants
@bernhardreiter @tschmidtb51