-
Notifications
You must be signed in to change notification settings - Fork 36
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Reduce emphasis or possibly deprecate the vector format #333
Comments
I think we can probably de-emphasize in the docs and also maybe not provide tools for going from JSON to "vector format" (partly because it would be a lossy conversion, vector format cannot contain all the info that is in the JSON, so if we provide a tool to convert to it, it will make it easier for people to not just ship around the JSON like they will need to). |
Are there negative consequences to removing the abbreviated format from the reference docs entirely that we are not prepared to accept? I know we could always look at the content before #451 if we need it back, but just flagging that reduce emphasis and remove are not exactly the same. |
Directly answering the question posed:
From a fact-finding standpoint, the following is a consequence of merging #451 as-is:
That's okay with me as the content is currently already out ahead of the calculator and we're not necessarily trying to resolve that with new calculator features at the moment. I don't know where the "prepared to accept" line lies for others. But as regards this issue and #451 as currently proposed: I suppose the question is: if #451 represents the "maximal de-emphasis", then "less-than-maximal de-emphasis" would imply something between what is currently there and #451. So what parts should we keep? I find that a challenging question to answer. The reason I went as far as I did in #451 was that I didn't see how to reduce without basically removing it. Referring to this https://github.com/CERTCC/SSVC/pull/451/files/e01f6a598e324c2374ed02de95281b9ee8878f41 state:
Other than that, I couldn't really find anywhere that the vector format shows up outside the calculator. If there's anything concrete to do in response to this issue, I think it's what's currently in #451, plus perhaps a second as-yet unrecorded issue/PR to modify the calculator. However, if the point of this issue is to remind us that we're thinking about deprecating the vector format, then we can probably just close #451 without merging and then close this issue as it's not otherwise actionable. I'm not super invested in the outcome, I just think the choice is essentially one of:
An addendum to (1) above could be to also spawn one or more issues to remove the vector from the calculator and come back to pick up the equivalent of #451 later. Also, late breaking caveat: It might be that I was narrowly defining "de-emphasis" as "remove / make the verbal footprint smaller" and it's entirely possible that adding words would serve to de-emphasize it better. Hadn't really considered that before now. But I'm also not sure what words to add as the existing documentation footprint is mostly just defining the vector format as mentioned above. |
Since we are moving toward decision points being the primary data objects, this began as a discussion over whether the "vector format" should include data point version information.
On further discussion, the consensus appeared to be that the usefulness of the vector format is in doubt, and the main argument in favor of it was that it resembles CVSS vector representation. But that didn't feel very compelling to the conversants at the time.
So the direction we came up with was to de-emphasize the "vector format" in favor of the
.json
representation, and encourage people to use words rather than shorthand notation to talk about SSVC decision points and values.Resolving this issue will involve either choosing to deprecate the vector format entirely, or just de-emphasize it in the docs (perhaps it survives as an example of how to use decision point keys?)
This issue is the driver behind Issue #332
The text was updated successfully, but these errors were encountered: