回复：候选编号方案

> -----原始消息----->来自：Gene Spafford [mailto：spaf@cs.purdue.edu]>发送：1999年5月17日，星期一11：58 AM>至：Steven M. Christey> CC：cve-review@linus.mitre.org>主题：回复：候选编号方案>>>>>>>>>>>>>>>>>>>>0400 5/17/99，史蒂文·M·克里斯蒂（Steven M. Christey）写道：>> spaf说：>>>>>>为什么不使每个候选人号码都像>>>“ temp-99-01”，我喜欢在前面有“ temp-”。这意味着这是一个临时数字。我们是否需要在其中表明它是CVE临时数字？>>>我们只是从年初开始计算？>>>>>此方法将需要中央“数字分配”>使用重复数字的机制，并且如果分配开放到>> >> >> >>，而不仅仅是>>>有点>>有问题或昂贵的实现输入论坛。>>这很容易自动化。设置一个程序，该程序根据授权记者的“授权”中的电子邮件中分配了>下一个数字，以响应“授权”之一的电子邮件？非参与者发现的漏洞呢？ > reporters. This could also be done from a WWW page that requires > password access, or SSL-enabled access. We don't care about numbers > assigned and dropped, or the same vulnerability given two different > numbers by two different people. This is, after all, simply an > attempt to assign unique temporary numbers for evaluation. > > And, this method helps encourage people not to refer to the temporary > numbers for long. > > > > >Gene, are you advocating using the candidate numbering scheme in > >public? And if so, do you believe that temp-99-01 really > doesn't have > >a chance to become a de facto standard? I think that the > first number > >to be referenced could become the one that is most commonly > used, even > >if it has a "temp" name in it. However, as long as "highly visible" > >players use the CVE name (i.e. database owners, advisory writers, > >etc.), then I suppose it becomes less of a problem. > > See my comments above. I think that it is worth trying using > something like this. If we spend too much time debating the exact > syntax and mechanics, we will never get a system out there to try! > > --spaf >