CONTRIBUTING.md references OSV schema while the actual repo/PR builds reject valid JSON #2644
Comments
Hi Daniel, Thank you for your input! Unfortunately, our internal use case conflicts with OSV's in such a way that we cannot make this possible right now. OSV's purpose is to provide a single-direction deterministic report, whereas we need to encode advisories in two directions: to OSV when we publish advisory reports and from OSV when we gather community input. Combining overlapping event types into a single affected package would disrupt our ability to parse community contributions into something suitable for our internal format in a lossless way. We've brainstormed various ways to address this issue, but there's no clear path forward at the moment. That being said, I acknowledge the concern, and I will keep this issue open in case others want to share similar concerns.
To clarify, I am asking for documentation, not to allow all OSV legal content. Or are you saying the way all of this works makes documenting additional limitations impossible?
Ah, I'm clarifying why we can't fix the issue, but we can definitely update docs to note that not all OSV content is applicable. I'll circle back to this issue when we've updated this!
From docs:
But then…
Limitations beyond the schema such as the inability to specify nontrivial version ranges should be documented in a manner accessible before doing the work.