Skip to content

Reporting found, but unused PMDs for CSAF 2.0 security.txt #719

Description

@bernhardreiter

The security.txt can have several PMDs.

csaf_downloader, checker and ISDuBA only use one (the first valid one as far as I know).

This is an issue to report about other PMDs, that were found, but are not used.
So users of the command line tool or online tool can see that there is an unused PMD and also see the warning that it should be removed as soon as possible.

(This is the less common subcase of #712)

reference

https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#718-requirement-8-securitytxt

It is possible to advertise more than one provider-metadata.json by adding multiple CSAF fields, e.g. in case of changes to the organizational structure through merges or acquisitions. However, this SHOULD NOT be done and removed as soon as possible. If one of the URLs fulfills requirement 9, this MUST be used as the first CSAF entry in the security.txt.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions