From nobody Wed Aug 6 16:26:52 2025 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4bxwg901lqz63wcG for ; Wed, 06 Aug 2025 16:27:17 +0000 (UTC) (envelope-from tomek@cedro.info) Received: from mail-yb1-xb2a.google.com (mail-yb1-xb2a.google.com [IPv6:2607:f8b0:4864:20::b2a]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "WR4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4bxwg84rz1z3NXB for ; Wed, 06 Aug 2025 16:27:11 +0000 (UTC) (envelope-from tomek@cedro.info) Authentication-Results: mx1.freebsd.org; none Received: by mail-yb1-xb2a.google.com with SMTP id 3f1490d57ef6-e8d96ff2dfaso76881276.2 for ; Wed, 06 Aug 2025 09:27:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cedro.info; s=google; t=1754497626; x=1755102426; darn=freebsd.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=aSFQmmw4fLfFpQIrJRMOU/sYhGmVyPuEmCIZ+FDG2VQ=; b=bB8AXcVNs+UNN/TmAzB5P/zFzps8zOm1y/9rkaNOkgOoIYEcyPj1BYaNy0q53fEKtx 2/6GwY69P8VbN5zH44zJhn60lQwRbndfV1uGp6cU0ya8ZCWHrs0K+WvF+0RZwxJzENxD Cax+R2VdB7RcaJDg80W7+E4mWdKBH2/cBtYiONUy3gGzSH8hQxImINaLWX88QRGbdGxq vn+WQARDaTEn50lVJFbGVvrtFuE9HsZUNITypdeNd9NY+2Cn+OlRUg5NuwxteUA5sADg 4J9ztj2YxmHJQTP1882tT4BGPBAXDr7puUWujpWrAnbSelOm/BWZKhCwylG4phLSueF1 wYeg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1754497626; x=1755102426; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=aSFQmmw4fLfFpQIrJRMOU/sYhGmVyPuEmCIZ+FDG2VQ=; b=Aq7BSZM0lnt7Ed3vYYko4O2mtayLG9MCJruJAWaCoauXduW+NeZrjwJcyDQgRd9UZh LyRppRnLAWRnkwVc08xsERajQhvk7IF32Yg59EOBqLHZopD4Pc6QMYeZNVIQ0RJurteM 5iTkJ67i0DA/qAta7mFpPrPsvr/XgDSuT52cIovKBE7uZiDTLnkn86PYCFE6i0mxdyfm MncgNz3fVsWAWct8K8cLeHBYPC65N55T63KbocKD7LKt2GJdTMkUjQ/IxOhLp+m7fu2Q bYB2BOStWJyQhc/o7AxC1sB5YTJfcBD0qwHsJiJ0J9Q+WRwlESGKnKuxRkahSxYM1ErP Tgyw== X-Gm-Message-State: AOJu0YxkiqY5IqiEtUWo51cWD97Qv4pswY75JyzCTEaPx9/pKxOYPKBJ 85yhNyUiDl/SxwVtbr/FfBZct8NxhHLY6w7hFeHsdvK1xtALPBDMui6ewjkiMbzIJjzUr0H0Uig NVxfe2A== X-Gm-Gg: ASbGncvITwpNzkK4J6ZCU0GYeBa+CbH5PqIx4xbpc+Ukl/WK92GPqAEImT9lCxOxihc mmuNJbl2YH0HGv8yTwGwIbb1kfgt7+ECwq+/G9qn0ybbwuc+ytP3LNHVTs395O3VRFbWKicraBa TQZ/cH1mIwE0aPmm2tjUyptGdkKYJwsofMuc61YQvsjv6grUpVfUi7sk1oZn/TzgPbDSuZzWFLl /bPeY8xeC2jldTVDV26S7F+0vsLnlBKVi/SX4Q3o5v6FrGvoMV0BsgFuAIWbX672YXxUOyfqVVQ Gx3sycLaHmcedV4KzMU2KrvZwZq3G3dNWPIko6bIV0OqLliLMYnqF5QMYLDgVqEFuRcQv20sda7 tLw4CORNtp+IztKstq8Cl7e4L9KE6BTecho3jqFWcbY9v2he7FHaYuKt3/Fk= X-Google-Smtp-Source: AGHT+IGWU/V9O1Ou0ftAzdlZ4NkkkfOjEFa0JMb/78XQAvgV68S6WGVxBgQCvTb//3957FakjY6MjA== X-Received: by 2002:a05:6902:26c7:b0:e90:2718:3d3f with SMTP id 3f1490d57ef6-e9028971ee4mr3989891276.23.1754497625610; Wed, 06 Aug 2025 09:27:05 -0700 (PDT) Received: from mail-yb1-f180.google.com (mail-yb1-f180.google.com. [209.85.219.180]) by smtp.gmail.com with ESMTPSA id 3f1490d57ef6-e902d809447sm594706276.20.2025.08.06.09.27.05 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 06 Aug 2025 09:27:05 -0700 (PDT) Received: by mail-yb1-f180.google.com with SMTP id 3f1490d57ef6-e8fe618dc71so85233276.0; Wed, 06 Aug 2025 09:27:04 -0700 (PDT) X-Forwarded-Encrypted: i=1; AJvYcCVTisM6XZcz8StoHZiv4KhcAKUBkRDqWVT0RMSzIc70pIj5My9OQT3P+4SFJ+rxELBnRCBWt1cg5ajYPi6xMZs=@freebsd.org, AJvYcCXClRsIa9tTLXyXOxPyJK4NvnR2aUftzQKss5gELmCiLQzq9Xm6rM1rTv/X1G0b9J4AOyStovKxYbgyyDUklw==@freebsd.org X-Received: by 2002:a05:6902:4006:b0:e8e:2318:e858 with SMTP id 3f1490d57ef6-e90289c21bdmr4444096276.39.1754497624708; Wed, 06 Aug 2025 09:27:04 -0700 (PDT) List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-security@freebsd.org Sender: owner-freebsd-security@FreeBSD.org MIME-Version: 1.0 References: In-Reply-To: From: Tomek CEDRO Date: Wed, 6 Aug 2025 18:26:52 +0200 X-Gmail-Original-Message-ID: X-Gm-Features: Ac12FXy6raDhN8p5tfmvEa_nPrShg69C2D7jRIURco-9PsDbJkv7jwVQNfl8PFQ Message-ID: Subject: Re: RFC: Adopting OSV for Vulnerability Database To: Ed Maste Cc: freebsd-security@freebsd.org, freebsd-hackers@freebsd.org, freebsd-ports@freebsd.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Rspamd-Queue-Id: 4bxwg84rz1z3NXB X-Spamd-Bar: ---- X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US] On Wed, Aug 6, 2025 at 3:51=E2=80=AFPM Ed Maste wrote: > Hello everyone, > The Foundation has been evaluating the benefits of migrating FreeBSD > vulnerability data from our bespoke VuXML format to an > industry-recognized format. Such a migration would involve some new > workflows, tools, processes, and documentation, so I'm sharing this > proposal for comments. > (..) > Proposed Standard: OSV (Open Source Vulnerability)[1] > (..) Sounds great! :-) --=20 CeDeROM, SQ7MHZ, http://www.tomek.cedro.info