Re: CVE ID语法投票,结果和下一步

这似乎是一个没用的人,但我想至少添加一个选项与落后的0。我总是麻烦扫描列的数字当我不得不忽视的零开始。2013年亚当在星期五,4月19日在05:01:24PM + 0000, Kent_Landfield@McAfee.com写道:|有一个我不包括额外的可能性。| |选项H:年+ 12位数,没有领导除了id 0 1到999 | |肯特Landfield | |英特尔公司McAfee | |直接:+ 1.972.963.7096 |手机:+ 1.817.637.8026 |网站:www.mcafee.com | |: < Landfield >、肯特Landfield < Kent_Landfield@McAfee.com > |时间:周五,4月19日,2013 11:42我|:“cve-editorial-board-list@LISTS.MITRE。ORG " < | cve-editorial-board-list@LISTS.MITRE。ORG > |主题:Re: CVE ID语法——投票结果和下一步| | |我们能有一个快速调查相结合的一组现有的选项和下面列出的|的艺术?我认为re-whittling的选择可能会|我们一个更好的地方进行投票。| +你的愿望一个静态CVE id长度?——是吗?没有| +如果是这样,你觉得什么长度会接受你吗?——6 ?7吗? 12 | ? More? -- Something else? | Here are options that combines what Art listed as well as the original two | options. The original Option C has been dropped from this poll as a result | of the initial vote. | | OPTION A: Year + 6 digits, with leading 0's | | OPTION B: Year + arbitrary digits, no leading 0's except IDs 1 to 999 | | OPTION D: Year+ 7 digits with leading 0's | | OPTION E: Year + 12 digits with no leading zeros. | | OPTION F: Year + 12 digits with no leading zeros, starting at 1000 for each | year. | | OPTION G: Year + Infinite digits with no leading zeros, starting at 1000 | for each year. | | Just want to take a pulse as to where we are? | | Kent Landfield | | McAfee | An Intel Company | Direct: +1.972.963.7096 | Mobile: +1.817.637.8026 | Web: www.mcafee.com | | From: Art Manion  | Date: Thursday, April 18, 2013 11:19 PM | To: "Booth, Harold"  | Cc: "cve-editorial-board-list@lists.mitre.org" < | cve-editorial-board-list@LISTS.MITRE.ORG> | Subject: Re: CVE ID Syntax Vote - results and next steps | | | -----BEGIN PGP SIGNED MESSAGE----- | Hash: SHA1 | | | On 2013-04-18 22:34, Booth, Harold wrote: | | | I would also add that with an Option B with no leading zeros, | | including less than four digits, a transition of sorts is available | | for the first year (or more) if CVE identifiers started at 1000. | | Until the 9000'th CVE tools would successfully chug along giving | | everyone a bit more transition time. This could allow even more | | time depending on the eventual number of CVEs created. Whereas with | | an Option A with padding there is no such transition, and whatever | | number of digits are agreed to are included in every CVE from the | | beginning (in 2014?). | | For the sake of further discussion, by no means an official set of | choices... | | Option D: Seven numeric characters with leading zeros. | | Option E: Twelve numeric characters, no leading zeros. | | Option F: Twelve numeric characters, no leading zeros, starting at | 1000 for each year. | | Option G: Infinite numeric characters, no leading zeros, starting at | 1000 for each year. | | I picked 12 because someone suggested 10+. I'm also saying "numeric | characters" to raise the issue of treating everything after "CVE" or | "CVE-YYYY" as a string. Not sure that capping it makes much | difference. | | Not sure this covers all the recently discussed options. | | Also not sure how to handle this situation procedurally? Declare a | mistrial and prepare another ballot, after further discussion? | | | ~ - Art | -----BEGIN PGP SIGNATURE----- | Version: GnuPG v1.4.13 (Darwin) | Comment: Using GnuPG with Thunderbird -http://www.enigmail.net/| | iEYEARECAAYFAlFwxdoACgkQk / 8 fedbcakopegcgnbanjbjqesdrgzibfekbwhgy | ZvkAoKAsHLKb4sYDNP + kd3buSlenErhb | = wcLt | - - - - -端PGP签名- - - - - - | |