admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-12-30 05:58:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update CONTRIBUTING.md

Browse Source 
Removed DWF references and updated program terminology where needed
This commit is contained in:
Robert Roberge 2022-05-19 08:57:09 -04:00 committed by GitHub
parent 3a73ed85a3
commit 518b723905
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
CONTRIBUTING.md
View File

@ -2,12 +2,12 @@
## Notes
1. Only [Root CNAs](https://cve.mitre.org/cve/cna.html) or other members of the CVE Automation Working Group should create
1. Only [Roots]([https://cve.mitre.org/cve/cna.html](https://www.cve.org/PartnerInformation/Partner)) or other members of the CVE Automation Working Group should create
pull requests or open issues in this repository currently. Going
forward, we hope to allow wider participation; eg, from
security researchers and other cybersecurity
community members. Until then, others who wish to contribute should
use the [CVE Request web form](https://cveform.mitre.org). If you are a sub-CNA (e.g. the Kubernetes Project is a sub-CNA of the DWF) you MUST push within your hierarchy first according to the rules within that hierarchy. For example if you are within the DWF you MUST push to your immediate parents fork of the cvelist repo (e.g. for Kubernetes this would be the DWF cvelist fork at https://github.com/distributedweaknessfiling/cvelist).
use the [CVE Request web form](https://cveform.mitre.org). If you are a sub-CNA (e.g. the Kubernetes Project is a sub-CNA of the DWF) you MUST push within your hierarchy first according to the rules within that hierarchy.
2. Only submit information to the MITRE cvelist repo that is intended to become public
immediately. There is **no support** for embargoed submissions!!
@ -19,7 +19,7 @@ significantly or even halted.
License Terms of Use](https://cve.mitre.org/about/termsofuse.html).
5. It is **strongly recommended** that submissions use [signed
commits](https://help.github.com/articles/signing-commits-with-gpg/). Please note that some hierarchies (e.g. the DWF) require all submissions to be signed.
commits](https://help.github.com/articles/signing-commits-with-gpg/). Please note that some hierarchies require all submissions to be signed.
6. Submissions from CNAs should be formatted using the [CVE JSON
format](https://github.com/CVEProject/automation-working-group/tree/master/cve_json_schema).
@ -29,7 +29,7 @@ offers a web-based interface for creating and editing information
about one CVE at a time.
## Sending Data about CVE Entries to MITRE
## Sending Data about CVE Records to MITRE
0. If you haven't done so already, create an account on Github.com
and fork the _cvelist_ repository from your parent CNA (e.g. if you are a root CNA you would fork [CVEProject/cvelist](https://github.com/CVEProject/cvelist/) and if you are a DWF sub-CNA you would fork [distributedweaknessfiling/cvelist](https://github.com/distributedweaknessfiling/cvelist)). You can either fork into your own account (e.g. from the command line this is the default), for example, if your account name
@ -42,12 +42,6 @@ in GitHub via the web interface at https://github.com/CVEProject/cvelist by sele
git remote add upstream git@github.com:CVEProject/cvelist.git
```
If you are a sub-CNA you would set it to your parent, e.g. for the DWF you would set it to `git@github.com: distributedweaknessfiling/cvelist.git`:
```
git remote add upstream git@github.com: distributedweaknessfiling/cvelist.git
```
1. Ensure your [fork is up to
date](https://help.github.com/articles/syncing-a-fork/), especially
prior to creating a new branch (every time you create a new branch). The command for this are: