From 9967bfffe65eb7c848dd247f73851c8dd2a6f99d Mon Sep 17 00:00:00 2001 From: JanHoefelmeyer Date: Thu, 22 Jun 2023 13:46:16 +0200 Subject: [PATCH] Amend checker docs to explain why authorization for RED/AMBER advisories needs to be genuine --- docs/csaf_checker.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/csaf_checker.md b/docs/csaf_checker.md index 74e7475..96bb6c7 100644 --- a/docs/csaf_checker.md +++ b/docs/csaf_checker.md @@ -52,5 +52,5 @@ see https://github.com/csaf-poc/csaf_distribution/issues/221 . If a provider hosts one or more advisories with a TLP level of AMBER or RED, then these advisories should be access protected. To check these advisories, authorization can be given via custom headers or certificates. -The authorization method chosen should grant access to all advisories, as otherwise the -checker will be unable to check all advisories and returns likely wrong output. +The authorization method chosen needs to grant access to all advisories, as otherwise the +checker will be unable to check the advisories it doesn't have permission for, falsifying the result.