Hi Thomas, Thanks for these. I’ve made the changes in the editor’s copy, which will come out after LC. Eliot > On 6 Mar 2023, at 18:10, Schmidt, Thomas <thomas.schmidt@xxxxxxxxxxx> wrote: > > Hi Eliot, > thank you for the fast reply. Each document lists a preferred variant (see citation format - copied here as service): > > [CVRF-v1.2] > CSAF Common Vulnerability Reporting Framework (CVRF) Version 1.2. Edited by Stefan Hagen. 13 September 2017. OASIS Committee Specification 01. http://docs.oasis-open.org/csaf/csaf-cvrf/v1.2/cs01/csaf-cvrf-v1.2-cs01.html. Latest version: http://docs.oasis-open.org/csaf/csaf-cvrf/v1.2/csaf-cvrf-v1.2.html. > > [csaf-v2.0] > Common Security Advisory Framework Version 2.0. Edited by Langley Rock, Stefan Hagen, and Thomas Schmidt. 18 November 2022. OASIS Standard. https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html. Latest stage: https://docs.oasis-open.org/csaf/csaf/v2.0/csaf-v2.0.html. > > Feel free to do all capitals ([CSAF-v2.0]) - I guess that fits better into the way references are usually linked. > > -- > Thomas Schmidt > > >> -----Original Message----- >> From: Eliot Lear <elear@xxxxxxxxx> >> Sent: Monday, March 6, 2023 6:04 PM >> To: Schmidt, Thomas <thomas.schmidt@xxxxxxxxxxx> >> Cc: last-call@xxxxxxxx; scott.rose@xxxxxxxx >> Subject: Re: Last Call: (Discovering and Retrieving Software Transparency and >> Vulnerability Information) to Proposed Standard >> >> Thank you for these, Thomas. We will make these changes. If you have a >> preferred bibliographic reference, we can use that. >> >> Eliot >> >>> On 6 Mar 2023, at 17:47, Schmidt, Thomas <thomas.schmidt@xxxxxxxxxxx> >> wrote: >>> >>> Dear colleagues, >>> >>> the draft currently lists in section 9.2 a reference to CSAF: >>> >>>> [CSAF] OASIS, "Common Security Advisory Format", July 2021, >>>> <https://github.com/oasis-tcs/csaf>. >>> >>> The correct name is "Common Security Advisory Framework". Please also >> update the link to the standard to https://docs.oasis- >> open.org/csaf/csaf/v2.0/csaf-v2.0.html or https://docs.oasis- >> open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html >>> >>> Suggested: >>>> [CSAF] OASIS, "Common Security Advisory Framework Version 2.0", >> November 2022, >>>> <https://docs.oasis-open.org/csaf/csaf/v2.0/csaf-v2.0.html>. >>> >>> I guess a similar comment applies to CVRF which is currently listed as: >>> >>>> [CVRF] Santos, O., Ed., "Common Vulnerability Reporting Framework >>>> (CVRF) Version 1.2", September 2017, <https://docs.oasis- >>>> open.org/csaf/csaf-cvrf/v1.2/csaf-cvrf-v1.2.pdf>. >>> >>> But instead should be: >>> >>>> [CVRF] OASIS , "Common Vulnerability Reporting Framework >>>> (CVRF) Version 1.2", September 2017, <https://docs.oasis- >>>> open.org/csaf/csaf-cvrf/v1.2/csaf-cvrf-v1.2.pdf>. >>> >>> You could add the editors for both as well - but I'm not too sure what the >> recommended format from IEFT looks like. >>> >>> Kind regards, >>> Thomas Schmidt >>> >>> -- >>> Thomas Schmidt >>> > -- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call
