再保险:CVE的当前状态

在05/26/2017 07:59,贝弗利雀写道:>克里斯,> > > >我更喜欢第二种选择。保持保留并添加> STATE_DETAIL状态。> >我想不出任何其他可能的状态细节,但我们应该> >考虑任何报告要求/统计数据可能有助于横切或CNAs > >未来。> > > >你提到在谈到分配未赋值的状态。>分配状态或将保留这是一样吗?> > > >拒绝,如果没有一个定义列表的拒绝理由,我>鼓励团队定义它们在报道(一致性)。添加>“其他”作为一个包罗万象的错过。一些“断层”需要>与每个未来的原因为了是可行的。一个问题有定义的行为。例如:拒绝:有错误,不要用这个。 RESERVED: this is planned for use, you will see it at some future point (either PUBLIC or REJECTED) PUBLIC: this is used and here's the info. I can't think of an "Other" situation (either we're planning to use the CVE, using it, or explicitly not using it). My thought is if we really truly run into a situation that isn't covered we need to define it officially, I don't want data that is not defined and requires human interaction ideally. -- Kurt Seifried -- Red Hat -- Product Security -- Cloud PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 Red Hat Product Security contact: secalert@redhat.com