In addition to the previous issue regarding how to identify specific product SBOMs using this approach, another issue with this draft is the lack of acknowledgement for NIST's Vulnerability Disclosure Report.
IMO, this looks like a sales pitch as opposed to an objective and high quality IETF draft intended to serve a useful technical purpose.

Thanks,

Dick Brooks

Active Member of the CISA Critical Manufacturing Sector,
Sector Coordinating Council – A Public-Private Partnership

Never trust software, always verify and report! ™
http://www.reliableenergyanalytics.com
Email: [email protected]
Tel: +1 978-696-1788

-----Original Message-----
From: OPSAWG <[email protected]> On Behalf Of Eliot Lear
Sent: Friday, September 2, 2022 1:00 PM
To: tom petch <[email protected]>; Henk Birkholz <[email protected]>; [email protected]
Subject: Re: [OPSAWG] I-D Action: draft-ietf-opsawg-sbom-access-06.txt

Hi Tom,

Just on this one point:

On 02.09.22 18:05, tom petch wrote:
> does 'http' match the pattern 'https?' ?

It should. However, some of the validators have some difficulty on (expr1)|(expr2)|(expr3).* because the .* is applied only to expr3. So I did make a change. Draft is posted.

N.B., my version of pyang coughed up a warning on the new Trust text.

Eliot

_______________________________________________
OPSAWG mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/opsawg
