|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Active Candidates and Unresolved Content Decisions
A question has been raised as to what candidates are affected by content decisions that have not yet been resolved. The short answer is, that information is in my head. I have not recorded the specific content decisions that impact each candidate. However, I do plan to make this information explicit, at least for internal use. I believe that as long as a candidate is affected by a content decision that has not been resolved, that candidate should remain active. Otherwise, if we promote it to a CVE vulnerability, it could get changed if a content decision is modified, along with all other vulnerabilities that are affected by that content decision. We should avoid doing this as much as possible, since the CVE should be as stable as possible. I believe it is especially important in these early days for the CVE, because everything is still evolving. The larger issue has to deal with knowing which content decisions haven't been resolved yet. There are a number of decisions which we all know are highly contentious; others have been presented, but nobody has commented; others have elicited a mild response. I will be developing a voting mechanism very similar to that for individual candidates, which will make it easier to track the progress of our discussions of content decisions. - Steve
|
||||
