Re: Birds of Feather Meeting - Follow Up
I'll suggest that coming out with a high quality product is more
important than coming out with something on June 2nd. By the middle
of next week, I'll be able to assess when I can put resources on
adding CVE numbers to our entire database, and that will allow us to
provide useful quality feedback about the amount of change we see as
needed. If, in trying to use the CVE, we discover problems, then I'll
suggest that we consider holding it until such problems can be
I like your suggestion of treating each as a candidate, but suggest
that 8 per day on this for a month fails to take into account other
responsibilities that many of us have.
On Thu, May 13, 1999 at 09:07:55AM -0400, Russ wrote:
| >1) Several people suggested that they would NOT be able
| My suggestion would be to avoid making any attempt at stating
| "completeness" by any "release date". The mechanisms you've proposed are
| that potential CVE candidates would be discussed in a forum, and then,
| if acceptable, added to the CVE. Let's just take that approach with the
| items currently in your CVE. Depreciate them to candidates and put them
| out to the list one at a time. It gives us a basis upon which to test
| the mechanisms for review. You might want to meter them, that is,
| release 1 per hour for 8 hours a day, or some such thing to avoid
| I can't remember how many entries you currently have in there, but it
| may be that we might get through them all before your June 2nd deadline.
| Give each one, say, 2 weeks of forum time and then declare it unless
| discussion is fervent about it.
| The deadline should be "when its agreed by the forum or arbitrarily
| declared by Mitre".
| Russ - NTBugtraq Editor