From d54e211ef3098e4dd74dc0ff85e8f3324760e4c9 Mon Sep 17 00:00:00 2001 From: Bernhard Reiter Date: Fri, 27 Jun 2025 09:49:32 +0200 Subject: [PATCH 1/5] docs: improve README.md * Deemphazise the old repo link alert. * Add more hints about officially unsupported but possible use as library. solve #634 --- README.md | 35 ++++++++++++++++++++++------------- 1 file changed, 22 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index b76bf95..ccb8d67 100644 --- a/README.md +++ b/README.md @@ -9,14 +9,6 @@ --> -> [!IMPORTANT] -> To avoid future breakage, if you still use `csaf-poc`: -> 1. Adjust your HTML links. -> 2. Adjust your go module paths, see [#579](https://github.com/gocsaf/csaf/issues/579#issuecomment-2497244379). -> -> (This repository was moved here on 2024-10-28. The old one is deprecated -> and redirection will be switched off a few months later.) - # csaf @@ -49,13 +41,22 @@ is a tool for testing a CSAF Trusted Provider according to [Section 7 of the CSA ### [csaf_aggregator](docs/csaf_aggregator.md) is a CSAF Aggregator, to list or mirror providers. -## Other stuff + +## Use as go library + +The modules of this repository can be used as library from other Go applications. [ISDuBA](https://github.com/ISDuBA/ISDuBA) does so, for example. +But there is only limited support, and thus _not officially supported_. +There are plans to change this without timeline, with a future major release, +e.g. see [#367](https://github.com/gocsaf/csaf/issues/367). + +Initially envisioned as toolbox, it was not constructed as a library, +and to name one issue, exposes to many functions. +This leads to problems like [#634](https://github.com/gocsaf/csaf/issues/634), where we have to accept that with 3.2.0 there was an unintended API change, +that we now have to live with. ### [examples](./examples/README.md) -are small examples of how to use `github.com/gocsaf/csaf` -as an API. Currently this is a work in progress, as usage of this repository -as a library to access is _not officially supported_, e.g. -see https://github.com/gocsaf/csaf/issues/367 . +are small examples of how to use `github.com/gocsaf/csaf` as an API. Currently this is a work in progress. + ## Setup Binaries for the server side are only available and tested @@ -107,6 +108,14 @@ Binaries will be placed in directories named like `bin-linux-amd64/` and `bin-wi For further details of the development process consult our [development page](./docs/Development.md). +## Previous repo URLs + +> [!NOTE] +> To avoid future breakage, if you have `csaf-poc` in some of your URLs: +> 1. Adjust your HTML links. +> 2. Adjust your go module paths, see [#579](https://github.com/gocsaf/csaf/issues/579#issuecomment-2497244379). +> +> (This repository was moved here from https://github.com/csaf-poc/csaf_distribution on 2024-10-28. The old one is deprecated and redirection will be switched off somtimes in 2025.) ## License From a6d0a0c790644362cb128f473e42c10b8e993bf5 Mon Sep 17 00:00:00 2001 From: Bernhard Reiter Date: Fri, 27 Jun 2025 10:20:56 +0200 Subject: [PATCH 2/5] docs: extend package csaf doc comment * fix sentence. * add link to the section in the top-level readme that has the limits on the use as a library. --- csaf/doc.go | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/csaf/doc.go b/csaf/doc.go index f1e092c..233bda6 100644 --- a/csaf/doc.go +++ b/csaf/doc.go @@ -6,7 +6,11 @@ // SPDX-FileCopyrightText: 2023 German Federal Office for Information Security (BSI) // Software-Engineering: 2023 Intevation GmbH -// Package csaf contains the core data models used by the csaf distribution. +// Package csaf contains the core data models used by the csaf distribution +// tools. +// +// See https://github.com/gocsaf/csaf/tab=readme-ov-file#use-as-go-library +// about hints and limits for its use as a library. package csaf //go:generate go run ./generate_cvss_enums.go -o cvss20enums.go -i ./schema/cvss-v2.0.json -p CVSS20 From 7b7d0c4dcb035d1edd8684d115abd246684e9e60 Mon Sep 17 00:00:00 2001 From: Bernhard Reiter Date: Fri, 27 Jun 2025 10:24:48 +0200 Subject: [PATCH 3/5] improve phrasing --- README.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index ccb8d67..094412f 100644 --- a/README.md +++ b/README.md @@ -45,9 +45,8 @@ is a CSAF Aggregator, to list or mirror providers. ## Use as go library The modules of this repository can be used as library from other Go applications. [ISDuBA](https://github.com/ISDuBA/ISDuBA) does so, for example. -But there is only limited support, and thus _not officially supported_. -There are plans to change this without timeline, with a future major release, -e.g. see [#367](https://github.com/gocsaf/csaf/issues/367). +But there is only limited support, and thus it is _not officially supported_. +There are plans to change this without concrete schedule, with a future major release, e.g. see [#367](https://github.com/gocsaf/csaf/issues/367). Initially envisioned as toolbox, it was not constructed as a library, and to name one issue, exposes to many functions. From 27e9519ed56efeecf47fb94257a0f32427ad5aae Mon Sep 17 00:00:00 2001 From: JanHoefelmeyer Date: Wed, 2 Jul 2025 09:20:27 +0200 Subject: [PATCH 4/5] Fix: Remove some Typos as well as grammatical errors and oddities --- README.md | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 094412f..ad2dc86 100644 --- a/README.md +++ b/README.md @@ -44,14 +44,13 @@ is a CSAF Aggregator, to list or mirror providers. ## Use as go library -The modules of this repository can be used as library from other Go applications. [ISDuBA](https://github.com/ISDuBA/ISDuBA) does so, for example. -But there is only limited support, and thus it is _not officially supported_. -There are plans to change this without concrete schedule, with a future major release, e.g. see [#367](https://github.com/gocsaf/csaf/issues/367). +The modules of this repository can be used as library by other Go applications. [ISDuBA](https://github.com/ISDuBA/ISDuBA) does so, for example. +But there is only limited support and thus it is _not officially supported_. +There are plans to change this without a concrete schedule within a future major release, e.g. see [#367](https://github.com/gocsaf/csaf/issues/367). -Initially envisioned as toolbox, it was not constructed as a library, -and to name one issue, exposes to many functions. -This leads to problems like [#634](https://github.com/gocsaf/csaf/issues/634), where we have to accept that with 3.2.0 there was an unintended API change, -that we now have to live with. +Initially envisioned as a toolbox, it was not constructed as a library, +and to name one issue, exposes too many functions. +This leads to problems like [#634](https://github.com/gocsaf/csaf/issues/634), where we have to accept that with 3.2.0 there was an unintended API change. ### [examples](./examples/README.md) are small examples of how to use `github.com/gocsaf/csaf` as an API. Currently this is a work in progress. From 21ce19735bbeab67353ef97939b53a2fa5322903 Mon Sep 17 00:00:00 2001 From: JanHoefelmeyer Date: Wed, 2 Jul 2025 09:23:23 +0200 Subject: [PATCH 5/5] Fix: Fix typo and misleading meaning --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index ad2dc86..897dfe0 100644 --- a/README.md +++ b/README.md @@ -113,7 +113,7 @@ For further details of the development process consult our [development page](./ > 1. Adjust your HTML links. > 2. Adjust your go module paths, see [#579](https://github.com/gocsaf/csaf/issues/579#issuecomment-2497244379). > -> (This repository was moved here from https://github.com/csaf-poc/csaf_distribution on 2024-10-28. The old one is deprecated and redirection will be switched off somtimes in 2025.) +> (This repository was moved here from https://github.com/csaf-poc/csaf_distribution on 2024-10-28. The old one is deprecated and redirection will be switched off sometime in 2025.) ## License