Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Three dateUpdated fields, all set by Services #291

Open
zmanion opened this issue Mar 18, 2024 · 4 comments
Open

Three dateUpdated fields, all set by Services #291

zmanion opened this issue Mar 18, 2024 · 4 comments
Labels
bug Something isn't working Needs Discussion Discuss in a future QWG meeting or on mailing list section:dates Schema location is dates

Comments

@zmanion
Copy link
Contributor

zmanion commented Mar 18, 2024

dateUpdated for the CVE record

dateUpdated for the CNA container
Timestamp to be set by the system of record at time of submission. If dateUpdated is provided to the system of record it will be replaced by the current timestamp at the time of submission.

dateUpdated for the ADP container, same treatment as 2.

As noted in 2., if CNAs or ADPs provide dateUpdated, it gets stomped by the Services. So consider not allowing submission of these fields.
@zmanion
Copy link
Contributor Author

zmanion commented Mar 18, 2024

Copied from/duplicate of CVEProject/automation-working-group#120 since this issue involves an interaction between CVE Record Format and CVE Services.

@zmanion zmanion mentioned this issue Mar 18, 2024
Closed
@jayjacobs jayjacobs added the bug Something isn't working label Oct 18, 2024
@jayjacobs
Copy link
Collaborator

jayjacobs commented Oct 18, 2024
edited
Loading

Not exactly clear what the request of the QWG is here. If anything this seems like a documentation update? The schema can't enforce what to submit or not, and the overwriting would be done in cve services.

@jayjacobs jayjacobs added the section:dates Schema location is dates label Nov 7, 2024
@jayjacobs jayjacobs mentioned this issue Jan 3, 2025
Open
@jayjacobs
Copy link
Collaborator

Related to #378.

@ccoffin
Copy link
Collaborator

ccoffin commented Jan 3, 2025

Current providerMetaData\dateUpdated description has the following description:
"Timestamp to be set by the system of record at time of submission. If dateUpdated is provided to the system of record it will be replaced by the current timestamp at the time of submission." We should verify with AWG that this date time stamp does in fact get overwritten as described. dateUpdated also exists in cveMetadataPublished and this should not be part of a CNA or ADP submission as it is at the CVE Record level. We may want to document this in the schema.

@ccoffin ccoffin added the Needs Discussion Discuss in a future QWG meeting or on mailing list label Jan 3, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working Needs Discussion Discuss in a future QWG meeting or on mailing list section:dates Schema location is dates
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jayjacobs @ccoffin @zmanion