You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
These requirements are currently missing (or not obviously covered):
uses the value aggregator for /aggregator/category.
lists a mirror for at least two disjoint issuing parties pointing to a domain under its own control.
links the public part of the OpenPGP key used to sign CSAF documents for each mirrored issuing party in the corresponding provider-metadata.json.
provides for each CSAF document that is mirrored a signature (requirement 19) and a hash (requirement 18). Both SHALL be listed in the ROLIE feed. If the issuing party provides those files for a CSAF document, they SHOULD be copied as well. If the issuing party does not provide those files, they SHALL be created by the CSAF aggregator. Such a signature does not imply any liability of CSAF aggregator for the content of the corresponding CSAF document. It just confirms that the CSAF document provided has not been modified after being downloaded from the issuing party. A CSAF aggregator MAY add additional signatures and hashes for a CSAF document.
Originally posted by @KuechA in #35 (comment)
The text was updated successfully, but these errors were encountered: