<pie__>
andi-, since you've been working on related stuff;
<pie__>
if I'm trying to improve the vulnerability transparency of an open source project towards end users
<pie__>
and I want to provide some sort of machine-readable feed of project "major" issues, do you have any advice?
<pie__>
maybe probably I should also just use something to generate the user-facing HTML page as well
<andi->
submit them to the NVD database
<andi->
with proper CPE/CVSS/...
<andi->
if you intend the general audience to treat your software as every other software out there.
<pie__>
hm, well that's not something I shouldn't do I guess
<andi->
Other than that: list all issues with a unique (project-unique should be enough) identifier on your website in files that are structured like any other.. I like how curl, openssl, xen,... do it
<pie__>
ok
<pie__>
I figured I should/could give an RSS feed or something
<andi->
the worst thing is having fixed an issue but not sharing it as a fix.
<pie__>
not sure what you mean
<andi->
that's also okay but I (personally) prefer mailing lists
<andi->
well look at hdf5 for example. they hardly announce stuff..
<pie__>
you mean they announce an issue, fix it, then send some updates but it's not made clear that they fix the issue?