Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add DISCUSSION reference type #138

Merged
merged 3 commits into from
Apr 12, 2023
Merged

Add DISCUSSION reference type #138

merged 3 commits into from
Apr 12, 2023

Conversation

joshbuker
Copy link
Contributor

Revisiting #89

Partially Fixes #78

Related to #137

@joshbuker joshbuker mentioned this pull request Mar 29, 2023
Merged
@joshbuker
Copy link
Contributor Author

This change is fully backward compatible, as it is adding a new type, not modifying, removing, or requiring an existing type.

@joshbuker
Add DISCUSSION reference type
5d89f8c 
Revisiting ossf#89

Partially Fixes ossf#78

Related to ossf#137

Signed-off-by: Josh Buker <crypto@joshbuker.com>
@joshbuker
Add documentation for DISCUSSION reference type
0e32567 
Signed-off-by: Josh Buker <crypto@joshbuker.com>
@joshbuker joshbuker force-pushed the schema/discussion-reference-type branch from 89f26f1 to 0e32567 Compare March 30, 2023 00:39
joshbuker
joshbuker commented Mar 30, 2023
View reviewed changes
docs/schema.md Outdated
Comment on lines 412 to 416
The `severity` field is an optional element [defined here](#severity-field).
This `severity` field applies to a specific package, in cases where affected
packages have differing severities for the same vulnerability. If any package
level `severity` fields are set, the top level [`severity`](#severity-field)
must not be set.
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like my IDE autostripped trailing whitespace, can undo this if necessary.

chrisbloom7
chrisbloom7 reviewed Mar 30, 2023
View reviewed changes
Copy link
Collaborator

@chrisbloom7 chrisbloom7 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

DISCUSSION seems like it's the superset that contains ARTICLE, i.e. a discussion about the vulnerability. Should we deprecate ARTICLE in favor of this and broaden the definition of DISCUSSION? Otherwise it seems like there is only nuance separating DISCUSSION and ARTICLE.

@joshbuker
Copy link
Contributor Author

joshbuker commented Mar 30, 2023
edited
Loading

DISCUSSION seems like it's the superset that contains ARTICLE, i.e. a discussion about the vulnerability. Should we deprecate ARTICLE in favor of this and broaden the definition of DISCUSSION? Otherwise it seems like there is only nuance separating DISCUSSION and ARTICLE.

I had similar thoughts, honestly. deprecating ARTICLE and incorporating it into DISCUSSION seems sane to me.

oliverchang pushed a commit that referenced this pull request Apr 3, 2023
@joshbuker
Add DETECTION reference type (#137)
dc58738 
Revisiting #89 

Partially Fixes #78

Related to #138

---------

Signed-off-by: Josh Buker <crypto@joshbuker.com>
@oliverchang
Copy link
Contributor

deprecation doesn't mean much for the OSV schema when it comes to backwards compatibility though. I'm happy to keep this distinction (which I think there's plenty), of ARTICLE referring to blog posts and DISCUSSION referring to social media threads if you're happy with that @chrisbloom7 ?

@oliverchang oliverchang merged commit 134f283 into ossf:main Apr 12, 2023
@joshbuker joshbuker deleted the schema/discussion-reference-type branch April 12, 2023 03:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@chrisbloom7 chrisbloom7 chrisbloom7 approved these changes

@oliverchang oliverchang oliverchang approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Additional options for references field to support reproducers/exploit code
3 participants
@joshbuker @oliverchang @chrisbloom7