CVE ID语法投票

=================================================投票选票=========================================================输入前面“指令”和“填写选票”部分中指定的投票。首选：选项B的原因（首选）：当实用性与最佳选择平衡时，这是首选的，因为它是最小的破坏性，并且不会过时或不需要对以前的工作和出版物进行更改。也可以保证不再需要再次更改。我希望通过 *可选的 *完整性检查（例如，可选数字）更好。**************************************************************第二选择：选项一个原因（第二选择）：格式的更改将需要修订先前发布的文件，并过时无法更改的文件（例如，学术出版物）。转换是微不足道的（比选项C更重要），但仍然引用了旧CVE ID不正确。否则，如果从CVE的一开始就选择了它，那将是一个不错的选择。 ***************************************************** LAST CHOICE: Option C REASONS (last choice): Presumably all the old CVEs will need to have a check digit added, which will invalidate documents and be disruptive to software and databases. If not, then software will have to accommodate both the old and new formats, which is unnecessary complexity. There aren't enough digits in CVE numbers to make the check digit useful enough when balanced against the increased overhead. This balance point may vary between organizations, so flexibility in using the CVE may please more people (see below). For those who desire it, the check digit can be handled separately as a separate field from the identifier. There is no need to make it a part of the identifier itself. Any number of other integrity checks can also be handled separately, so NOT using option C keeps the CVE more flexible. This would work with both options A and B, while pleasing somewhat proponents of option C. Just to be clear, I like the idea of an integrity check being available, but I don't like it as a mandatory part of the CVE ID.