Ben

Results 23 comments of Ben

The current use case was specifically for referencing a public github interface to reference, so this is not possible today. That being said, I'd be open to including this, but...

> Can you confirm that the plan is to drop PURL in favour of CPE 2.3? I may be mistaken, but don't remember us taking the stance on using CPE...

Oh nice, thanks for pointing that out @pombredanne - looks like @sbs2001 is trying to solve exactly the same problems!

> I wonder if we can't rely on package maintainers don't create advisories, if there's a way to authorize a third-party to create it for them. One solution that came...

Agree with @Foxboron and others here, the intent here wouldn't be to replace the CVE assignment process - that has value, and in parallel we should apply for a CVE to ensure...

I think the conversation derailed quite a bit from my initial intent. There are so many problem areas along the open source security lifecycle and this was specifically looking at...

One source of inspiration could be [source maps](https://sourcemaps.info/spec.html). ## How does it work? Typically in my experience most used to find make a mapping between code in a development environment...

Hey @RafaelGSS, I've updated the version ranges, both with the currently maintained versions and the EOL versions. Can you confirm they look ok? Additionally, the UI currently only supports a...

I've updated CVE-2025-23165 and CVE-2025-23166 to include EOL v21.

> That's weird, we have always set the versions in this way

I think our understanding and the default behavior has...

> So, for now, how should we write the "affected versions" to prevent this from happening again?

Sorry for the delay, I just got the team to release an updated...