Dear colleagues,
I hereby submit the following call to action and request that all TC members take a look at Issue #1280 "Clarify use case for sorting of changes.csv" (https://github.com/oasis-tcs/csaf/issues/1280).
The base question is: How can we improve the situation for incremental downloaders that currently miss CSAF documents as some CSAF providers do not provide the files at the time given in `current_release_date` but later. In some cases, this leads to a situation where a new CSAF document is inserted in the middle of a changes.csv (or ROLIE feed) which prevents incremental downloaders to see (and download) the entry.
The post https://github.com/oasis-tcs/csaf/issues/1280#issuecomment-3885719057 summarizes multiple options and tries to provide a small and simple pros and cons list.
This issue needs a decision at latest during the next TC meeting, so please join the discussion and provide your opinion.
Best wishes,
Thomas
------------------------------
Thomas Schmidt
Subject Matter Expert
Federal Office for Information Security (BSI) Germany
------------------------------