Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add new profile: "Withdrawn" #771

Open
tschmidtb51 opened this issue Aug 22, 2024 · 2 comments
Open

Add new profile: "Withdrawn" #771

tschmidtb51 opened this issue Aug 22, 2024 · 2 comments
Assignees
@tschmidtb51
Labels
csaf 2.1 csaf 2.1 work motion_passed A motion has passed

Comments

@tschmidtb51
Copy link
Contributor

tschmidtb51 commented Aug 22, 2024
edited
Loading

We should add a special profile that is used for withdrawn CSAF documents.

Reasoning: Sometimes, it is necessary to withdraw a document. Currently, those documents are mostly set into the document category csaf_base and the somewhere (e.g. in the title or a note) a comment is added that the document was withdrawn. However, that is not really automatable.

Here is a suggested definition:

Profile W: Withdrawn

This profile MUST be used for any CSAF document that is withdrawn. It MUST NOT be used for any superseded document.

A CSAF document SHALL fulfill the following requirements to satisfy the profile "Withdrawn":

  • The following elements MUST exist and be valid:
    • all elements required by the profile "CSAF Base".
    • /document[]/notes with exactly one item using the category description and the title Reasoning for Withdrawal describing the original content and the reasons for the withdrawal
    • /document/tracking/revision_history with at least 2 entries. Any previous items MUST NOT be removed.
  • The value of /document/category SHALL be csaf_withdrawn.
  • The elements /product_tree and /vulnerabilities SHALL NOT exist.

The CSAF document MAY link to additional information through /document/references.
@tschmidtb51 tschmidtb51 self-assigned this Aug 22, 2024
@tschmidtb51
Copy link
Contributor Author

Checklist:

  • Add profile
  • Adapt schema
  • Adapt prose
    • Document category
    • Guidance on Size
    • Conversion rule
  • Add tests
    • 6.1.27.X
    • 6.1.27.3
    • Notes test
    • Revision History test
  • Maybe: add special modifier as conformance target?

@tschmidtb51 tschmidtb51 mentioned this issue Aug 22, 2024
Open
@santosomar santosomar added the csaf 2.1 csaf 2.1 work label Aug 28, 2024
@santosomar
Copy link
Contributor

Motion proposed via this email to the TC

@santosomar santosomar added the motion This item has a motion pending label Aug 28, 2024
@tschmidtb51 tschmidtb51 added motion_passed A motion has passed and removed tc-discussion-needed motion This item has a motion pending labels Oct 7, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tschmidtb51 tschmidtb51

Labels
csaf 2.1 csaf 2.1 work motion_passed A motion has passed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@santosomar @tschmidtb51