-
Notifications
You must be signed in to change notification settings - Fork 457
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
bug: justification is no longer prepended to triage comments #4439
Comments
terriko
added a commit
to terriko/cve-bin-tool
that referenced
this issue
Sep 13, 2024
* workaround for intel#4439 I decided it was probably better to retain the 3.3 behaviour for now; we can decide if that's the right choice for future releases later. Signed-off-by: Terri Oda <[email protected]>
terriko
added a commit
that referenced
this issue
Sep 13, 2024
* workaround for #4439 I decided it was probably better to retain the 3.3 behaviour for now; we can decide if that's the right choice for future releases later. Signed-off-by: Terri Oda <[email protected]>
Hi I tested 3.4 and it appears to now be pre-pending justification to the comments |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
From #4417:
This is almost certainly because we switched to https://github.com/anthonyharrison/lib4vex/ and thus aren't explicitly adding the justification field in ourselves. The question is... should we be? I think existing users of cve-bin-tool would expect it, but anyone using vex triage in other spaces would not, and users might prefer to not have their comments "altered" and it may make more sense to just let the users put whatever they want in that field and only propagate it.
Pinging @anthonyharrison to see if he's got thoughts about the best way to handle this.
If we decide we want it fixed, we can either add code in cve-bin-tool to prepend the justification (though we'll need to be careful not to constantly add more stuff to the start of string), or we could adjust lib4vex to do it there. Again, this depends on what @anthonyharrison wants to do and whether we want cve-bin-tool to make a different choice or not.
The text was updated successfully, but these errors were encountered: