Comments (5)
bernhardreiter
commented on June 16, 2024
1
@bernhardreiter: Where did you get the information from that it should fulfill all ISO 8601 profiles?
Good catch, I've checked the CSAF-2.0 documentation, which does not explicitely refer to datetime standards, so I'd assumed that in absence of mentioning it, ISO 8601 would be a real-world expectation as it is a normative reference. I've made the mistake of not checking the ROLIE standards! Thanks for pointing it out.
@sthagen the problem is not the Z, but the missing ":" time-second, which is mandatory in
partial-time = time-hour ":" time-minute ":" time-second
@s-l-teichmann we could improve that checker message, I think, but this is worth to be handled elsewhere.
Invalid, ROLIE datetimes MUST adhere to RFC3339
from csaf_distribution.
s-l-teichmann
commented on June 16, 2024
@bernhardreiter: Where did you get the information from that it should
fulfill all ISO 8601 profiles?
From ROLIE RFC
https://datatracker.ietf.org/doc/html/rfc8322#section-6.1.3
does not say it explicitely.
https://datatracker.ietf.org/doc/html/rfc8322#section-7.4
mentions is explicitely
urn:ietf:params:rolie:property:content-updated-date
The "value" attribute of this property is a text representation
indicating the date that the content, referenced by the "src"
attribute of the Entry's "atom:content" element, was last updated.
This date may differ from the updated date of the ROLIE Entry
because updates made to the content and to the ROLIE Entry are
different events. The date MUST be formatted as specified in
[[RFC3339](https://datatracker.ietf.org/doc/html/rfc3339)].
But RFC3339 is a normative reference, we believe it must be [RFC3339]
which the code enforces.
from csaf_distribution.
sthagen
commented on June 16, 2024
Well, https://datatracker.ietf.org/doc/html/rfc3339#section-5.6 provides z and Z … as that simplified profile of ISO-8601 modern RFCs should use 😉
from csaf_distribution.
bernhardreiter
commented on June 16, 2024
To be more precise the ROLIE specification lists RFC3339 as normative reference, which we interpret in the sense that all datetime values MUST use that format. (Even if it is only mentioned explicitely in section https://datatracker.ietf.org/doc/html/rfc8322#section-7.4 for The "rolie:property" Extension Point. (I've edited @s-l-teichmann comment above accordingly.))
from csaf_distribution.
bernhardreiter
commented on June 16, 2024
As followup I've suggest that CSAF moves to RFC3339 with UTC only in oasis-tcs/csaf#469
from csaf_distribution.
Related Issues (20)
- Improve comparison between files found via changes.csv and ROLIE feeds
- Difference between schema in repo and schema on first.org for CVSS 3.0 HOT 2
- csaf_downloader - Unknown Flags: -n, --nostore HOT 2
- csaf_downloader fails on cert-bund.de? HOT 8
- Binaries do not run on elder GNU/Linux systems (GLIBC_2.32 required) HOT 5
- verbose should correspond to a loglevel and those be made more consistent HOT 3
- The provider set up via the scripts in docs/scripts contains only-access-protected-available TLP:WHITE advisories HOT 3
- Consider structured logging for aggregator, too.
- No files checked for current year HOT 2
- Schema validation seems to ignore formats HOT 1
- Release 3.0.0-beta.2 HOT 1
- Basic Advisory Model to help handling Csaf Advisories
- set ACAO header to allow cross-origin access for public files
- add longer relative interval time ranges HOT 2
- Add an utility method on the advisory framework to fetch product identifiers
- Relationships not evaluated HOT 5
- `csaf_searcher` does not provide version HOT 6
- Document generated files HOT 2
- csaf_checker could not parse validatorpreset when using a TOML file HOT 2
- Unify variable names and config parameters
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from csaf_distribution.