Re: [sacm] [sacmwg/draft-ietf-sacm-information-model] softwareClass does not support softwareDependencies (#76)

Jerome Athias <notifications@github.com> Fri, 28 April 2017 07:32 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/sacm/rnRzu5lWXhOfwSr4uItSjDOg_EU>

Your "library" approach is an option, yes, and this will allow covering more use cases than currently, so yes.

Reminder however of the importance of the attributes version/epoch/hash
e.g. http://lists.cisecurity.org/pipermail/oval_developer_lists.cisecurity.org/Week-of-Mon-20170417/000222.html


In the future we would have to cover another one, which is for software of type website (e.g. the web admin interface of a device (so not really a firmware), and web applications (not really server/desktop software)), where the -software's components/dependencies- (quite equivalent to "libraries" from a model point of view) are software artifacts (understand source code/files like web pages, e.g. .php, .aspx pages, JavaScript, or .py, .rb, etc.).

To cover all of this, a softwareComponent class would be more generic (from a model and semantic point of view), where a softwareComponent/Dependency could be a library or an artifact (so basically a file), which basically validates your filepath IE approach.


