The security advisory spec does not state what the markdown file should contain,
apart from the TOML front matter.
Browsing the RustSec advisory DB shows that their advisories typically contain a write-up of
the issue: title, summary, attack description, mitigations, timeline, acknowledgements, etc.
Presumably the same is intended for the Haskell advisory DB. But the TP (or the official
documentation that arises from it) ought to include guidance on the advisory file contents
beyond the TOML.
#39 might well be addressed by this. For example, the guidance might include something like:
The advisory write-up should detail any assumptions made in the calculation of CVSS scores. See CVSS v3.1 User Guide section 3.7 for further explanation.
I agree that this is a real limitation of the document as written - what you've described is what was in my head, but when the final guidelines come out, they need to make it explicit! Thanks.
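The thread above describes what an advisory file is expected to look like (TOML front matter followed by a markdown write-up with a title, summary, attack description, mitigations, timeline and acknowledgements) and suggests that any CVSS score should come with its assumptions spelled out. The following lint script is an added example written for this page, not code from the Haskell advisory DB or the RustSec project. It assumes a layout modeled on RustSec advisories: a fenced ```toml block at the top of the file holds the front matter, and everything after the closing fence is the write-up. The front-matter keys (`[advisory]`, `id`, `package`, `cvss`), the section heading keywords and the sample advisories are hypothetical and constructed for the example.

```python
"""Lint an advisory file: TOML front matter in a fenced block, then a markdown write-up.

Added example for this page; the layout, key names and samples are assumptions.
"""
import re
import textwrap

try:
    import tomllib            # Python 3.11+
except ImportError:           # older interpreters: the tomli backport has the same API
    import tomli as tomllib   # type: ignore

# Assumed layout (modeled on RustSec, not taken from the spec): the file opens with a
# ```toml fenced block holding the front matter; the rest of the file is the write-up.
FRONT_MATTER_RE = re.compile(r"\A\s*```toml\s*\n(.*?)\n```[ \t]*\n?(.*)\Z", re.DOTALL)

# Sections the issue lists for the write-up. Each entry is (label, keyword that must
# appear, case-insensitively, in some "## " heading). The keywords are our choice.
REQUIRED_SECTIONS = [
    ("summary", "summary"),
    ("attack description", "attack"),
    ("mitigations", "mitigation"),
    ("timeline", "timeline"),
    ("acknowledgements", "acknowledg"),
]

H1_RE = re.compile(r"^# +(\S.*)$", re.MULTILINE)
H2_RE = re.compile(r"^## +(\S.*)$", re.MULTILINE)


def split_advisory(text):
    """Return (front_matter_dict, markdown_body); raise ValueError if the TOML block is missing or invalid."""
    m = FRONT_MATTER_RE.match(text)
    if not m:
        raise ValueError("no leading ```toml front matter block")
    toml_src, body = m.group(1), m.group(2)
    try:
        meta = tomllib.loads(toml_src)
    except tomllib.TOMLDecodeError as exc:
        raise ValueError(f"front matter is not valid TOML: {exc}") from None
    return meta, body


def lint_advisory(text):
    """Return a list of problems with the advisory; an empty list means it passes."""
    try:
        meta, body = split_advisory(text)
    except ValueError as exc:
        return [str(exc)]

    problems = []
    if not H1_RE.search(body):
        problems.append("write-up has no '# Title' heading")

    headings = [h.lower() for h in H2_RE.findall(body)]
    for label, keyword in REQUIRED_SECTIONS:
        if not any(keyword in h for h in headings):
            problems.append(f"missing section: {label}")

    # The suggestion in the thread: a CVSS score must come with its assumptions.
    # Hypothetical key placement: we assume the vector lives at [advisory].cvss.
    cvss = meta.get("advisory", {}).get("cvss")
    if cvss and "cvss" not in body.lower():
        problems.append("front matter carries a CVSS vector but the write-up never states the CVSS assumptions")
    return problems


# Constructed sample advisories (made-up package, id and vector; not real advisories).
SAMPLE_OK = textwrap.dedent("""\
    ```toml
    [advisory]
    id = "SAMPLE-0001"
    package = "example-pkg"
    cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
    ```

    # example-pkg leaks secrets in error messages

    ## Summary
    Error responses include the contents of the configuration file.

    ## Attack
    An unauthenticated client triggers a parse error and reads the response body.

    ## Mitigations
    Upgrade; or disable verbose error responses.

    ## Timeline
    Reported, fixed, published.

    ## Acknowledgements
    Thanks to the reporter.

    ## CVSS assumptions
    Scored assuming the error output reaches an unauthenticated network client.
    """)

SAMPLE_BAD = textwrap.dedent("""\
    ```toml
    [advisory]
    id = "SAMPLE-0002"
    package = "example-pkg"
    cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
    ```

    # example-pkg leaks secrets in error messages

    ## Summary
    ## Attack
    ## Mitigations
    """)


if __name__ == "__main__":
    for name, doc in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(name, lint_advisory(doc) or "passes")
```

The lint deliberately keys on heading keywords rather than exact heading text, so "## Mitigation" and "## Mitigations" both pass; tighten `REQUIRED_SECTIONS` once the guidance fixes the wording. The CVSS check is the weakest part: it only confirms the write-up mentions CVSS at all, which is the most a script can do for a prose requirement about stated assumptions.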