On Thu, Sep 16, 2021 at 12:58 PM Mark J Cox <m...@apache.org> wrote: > > Hi; at the moment the ASF customisation to the tool is tracked in my github > fork along with issues. There's no specific place to discuss it other than > secur...@apache.org. That's all just because there's only me having worked > on it. > > There are going to be some big changes needed to the tool and running > instance in the coming months to support the new CVE Project v5.0 JSON > schema, as that is required for more of the future CVE project automation > (such as live submission to their database), so that will likely take up all > the time I can personally spend updating the tool in the near future.
For the sake of discussion/argument: Do we want/need to reproduce this information on the website or is linking to the changelog sufficient? We lose our pseudo-scoring and the range of affected versions. We could bake them into our changelog-entry authoring/review.