From e8706e5eb99d40f464587c6d3aba2e2484a3fd6a Mon Sep 17 00:00:00 2001
From: Bernhard Reiter <bernhard@intevation.de>
Date: Wed, 30 Oct 2024 14:46:50 +0100
Subject: [PATCH] feat: perform go path repo move

 * Change the go module path
   from github.com/csaf-poc/csaf_distribution to github.com/gocsaf/csaf.
 * Rename archive for release tarballs.
 * Adjust testing scripts and documentation.
---
 .github/workflows/itest.yml                    |  2 +-
 .github/workflows/release.yml                  |  4 ++--
 Makefile                                       |  6 +++---
 README.md                                      | 10 +++++-----
 cmd/csaf_aggregator/client.go                  |  2 +-
 cmd/csaf_aggregator/config.go                  | 12 ++++++------
 cmd/csaf_aggregator/full.go                    |  4 ++--
 cmd/csaf_aggregator/indices.go                 |  4 ++--
 cmd/csaf_aggregator/interim.go                 |  4 ++--
 cmd/csaf_aggregator/lazytransaction.go         |  2 +-
 cmd/csaf_aggregator/lister.go                  |  4 ++--
 cmd/csaf_aggregator/main.go                    |  2 +-
 cmd/csaf_aggregator/mirror.go                  |  4 ++--
 cmd/csaf_aggregator/processor.go               |  4 ++--
 cmd/csaf_checker/config.go                     |  8 ++++----
 cmd/csaf_checker/links.go                      |  2 +-
 cmd/csaf_checker/main.go                       |  2 +-
 cmd/csaf_checker/processor.go                  |  4 ++--
 cmd/csaf_checker/report.go                     |  4 ++--
 cmd/csaf_checker/reporters.go                  |  2 +-
 cmd/csaf_checker/roliecheck.go                 |  4 ++--
 cmd/csaf_checker/rules.go                      |  2 +-
 cmd/csaf_downloader/config.go                  |  8 ++++----
 cmd/csaf_downloader/downloader.go              |  4 ++--
 cmd/csaf_downloader/forwarder.go               |  4 ++--
 cmd/csaf_downloader/forwarder_test.go          |  4 ++--
 cmd/csaf_downloader/main.go                    |  2 +-
 cmd/csaf_provider/actions.go                   |  4 ++--
 cmd/csaf_provider/config.go                    |  2 +-
 cmd/csaf_provider/create.go                    |  4 ++--
 cmd/csaf_provider/files.go                     |  2 +-
 cmd/csaf_provider/indices.go                   |  2 +-
 cmd/csaf_provider/main.go                      |  2 +-
 cmd/csaf_provider/rolie.go                     |  4 ++--
 cmd/csaf_provider/transaction.go               |  4 ++--
 cmd/csaf_uploader/config.go                    |  4 ++--
 cmd/csaf_uploader/main.go                      |  2 +-
 cmd/csaf_uploader/processor.go                 |  6 +++---
 cmd/csaf_validator/main.go                     |  4 ++--
 csaf/advisories.go                             |  2 +-
 csaf/models.go                                 |  2 +-
 csaf/providermetaloader.go                     |  2 +-
 csaf/rolie.go                                  |  2 +-
 csaf/summary.go                                |  2 +-
 docs/csaf_checker.md                           |  2 +-
 docs/csaf_provider.md                          |  4 ++--
 docs/provider-setup.md                         |  2 +-
 docs/scripts/Readme.md                         |  8 ++++----
 docs/scripts/TLSClientConfigsForITest.sh       |  2 +-
 docs/scripts/TLSConfigsForITest.sh             |  2 +-
 docs/scripts/prepareUbuntuInstanceForITests.sh |  2 +-
 docs/scripts/testAggregator.sh                 |  2 +-
 docs/scripts/testChecker.sh                    |  2 +-
 docs/scripts/testDownloader.sh                 |  2 +-
 examples/README.md                             |  2 +-
 examples/purls_searcher/main.go                |  6 +++---
 go.mod                                         |  2 +-
 internal/options/options.go                    |  2 +-
 58 files changed, 102 insertions(+), 102 deletions(-)

diff --git a/.github/workflows/itest.yml b/.github/workflows/itest.yml
index 364c330c..9cc4c6b6 100644
--- a/.github/workflows/itest.yml
+++ b/.github/workflows/itest.yml
@@ -25,7 +25,7 @@ jobs:
           sudo apt install -y make nginx fcgiwrap gnutls-bin
           cp -r $GITHUB_WORKSPACE ~
           cd ~
-          cd csaf_distribution/docs/scripts/
+          cd csaf/docs/scripts/
           # keep in sync with docs/scripts/Readme.md
           export FOLDERNAME=devca1 ORGANAME="CSAF Tools Development (internal)"
           source ./TLSConfigsForITest.sh
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 739f45c1..4bcd6bab 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -24,5 +24,5 @@ jobs:
         uses: softprops/action-gh-release@v1
         with:
             files: |
-                dist/csaf_distribution-*.zip
-                dist/csaf_distribution-*.tar.gz
+                dist/csaf-*.zip
+                dist/csaf-*.tar.gz
diff --git a/Makefile b/Makefile
index b4b3964b..083d3b66 100644
--- a/Makefile
+++ b/Makefile
@@ -6,7 +6,7 @@
 # SPDX-FileCopyrightText: 2021 German Federal Office for Information Security (BSI) <https://www.bsi.bund.de>
 # Software-Engineering: 2021 Intevation GmbH <https://intevation.de>
 #
-# Makefile to build csaf_distribution components
+# Makefile to build csaf components
 
 SHELL = /bin/bash
 BUILD = go build
@@ -59,7 +59,7 @@ testsemver:
 
 
 # Set -ldflags parameter to pass the semversion.
-LDFLAGS = -ldflags "-X github.com/csaf-poc/csaf_distribution/v3/util.SemVersion=$(SEMVER)"
+LDFLAGS = -ldflags "-X github.com/gocsaf/csaf/v3/util.SemVersion=$(SEMVER)"
 
 # Build binaries and place them under bin-$(GOOS)-$(GOARCH)
 # Using 'Target-specific Variable Values' to specify the build target system
@@ -78,7 +78,7 @@ build_linux build_win build_mac_amd64 build_mac_arm64:
 	env GOARCH=$(GOARCH) GOOS=$(GOOS) $(BUILD) -o $(BINDIR) $(LDFLAGS) -v ./cmd/...
 
 
-DISTDIR := csaf_distribution-$(SEMVER)
+DISTDIR := csaf-$(SEMVER)
 dist: build_linux build_win build_mac_amd64 build_mac_arm64
 	mkdir -p dist
 	mkdir -p dist/$(DISTDIR)-windows-amd64/bin-windows-amd64
diff --git a/README.md b/README.md
index 568bf03b..cec92483 100644
--- a/README.md
+++ b/README.md
@@ -18,7 +18,7 @@
 > and redirection will be switched off a few months later.)
 
 
-# csaf_distribution
+# csaf
 
 Implements a [CSAF](https://csaf.io/)
 ([specification v2.0](https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html)
@@ -52,10 +52,10 @@ is a CSAF Aggregator, to list or mirror providers.
 ## Other stuff
 
 ### [examples](./examples/README.md)
-are small examples of how to use `github.com/csaf-poc/csaf_distribution`
+are small examples of how to use `github.com/gocsaf/csaf`
 as an API. Currently this is a work in progress, as usage of this repository
 as a library to access is _not officially supported_, e.g.
-see https://github.com/csaf-poc/csaf_distribution/issues/367 .
+see https://github.com/gocsaf/csaf/issues/367 .
 
 ## Setup
 Binaries for the server side are only available and tested
@@ -81,7 +81,7 @@ Download the binaries from the most recent release assets on Github.
 
 - A recent version of **Go** (1.22+) should be installed. [Go installation](https://go.dev/doc/install)
 
-- Clone the repository `git clone https://github.com/csaf-poc/csaf_distribution.git `
+- Clone the repository `git clone https://github.com/gocsaf/csaf.git `
 
 - Build Go components Makefile supplies the following targets:
 	- Build for GNU/Linux system: `make build_linux`
@@ -110,7 +110,7 @@ For further details of the development process consult our [development page](./
 
 ## License
 
-- `csaf_distribution` is licensed as Free Software under the terms of the [Apache License, Version 2.0](./LICENSES/Apache-2.0.txt).
+- `csaf` is licensed as Free Software under the terms of the [Apache License, Version 2.0](./LICENSES/Apache-2.0.txt).
 
 - See the specific source files
   for details, the license itself can be found in the directory `LICENSES/`.
diff --git a/cmd/csaf_aggregator/client.go b/cmd/csaf_aggregator/client.go
index 8200d34e..916baa5b 100644
--- a/cmd/csaf_aggregator/client.go
+++ b/cmd/csaf_aggregator/client.go
@@ -13,7 +13,7 @@ import (
 	"io"
 	"net/http"
 
-	"github.com/csaf-poc/csaf_distribution/v3/util"
+	"github.com/gocsaf/csaf/v3/util"
 )
 
 var errNotFound = errors.New("not found")
diff --git a/cmd/csaf_aggregator/config.go b/cmd/csaf_aggregator/config.go
index b73286c3..81db0b7c 100644
--- a/cmd/csaf_aggregator/config.go
+++ b/cmd/csaf_aggregator/config.go
@@ -20,12 +20,12 @@ import (
 	"time"
 
 	"github.com/ProtonMail/gopenpgp/v2/crypto"
-	"github.com/csaf-poc/csaf_distribution/v3/csaf"
-	"github.com/csaf-poc/csaf_distribution/v3/internal/certs"
-	"github.com/csaf-poc/csaf_distribution/v3/internal/filter"
-	"github.com/csaf-poc/csaf_distribution/v3/internal/models"
-	"github.com/csaf-poc/csaf_distribution/v3/internal/options"
-	"github.com/csaf-poc/csaf_distribution/v3/util"
+	"github.com/gocsaf/csaf/v3/csaf"
+	"github.com/gocsaf/csaf/v3/internal/certs"
+	"github.com/gocsaf/csaf/v3/internal/filter"
+	"github.com/gocsaf/csaf/v3/internal/models"
+	"github.com/gocsaf/csaf/v3/internal/options"
+	"github.com/gocsaf/csaf/v3/util"
 	"golang.org/x/time/rate"
 )
 
diff --git a/cmd/csaf_aggregator/full.go b/cmd/csaf_aggregator/full.go
index 9ec9812a..e71d7b65 100644
--- a/cmd/csaf_aggregator/full.go
+++ b/cmd/csaf_aggregator/full.go
@@ -18,8 +18,8 @@ import (
 	"sync"
 	"time"
 
-	"github.com/csaf-poc/csaf_distribution/v3/csaf"
-	"github.com/csaf-poc/csaf_distribution/v3/util"
+	"github.com/gocsaf/csaf/v3/csaf"
+	"github.com/gocsaf/csaf/v3/util"
 )
 
 type fullJob struct {
diff --git a/cmd/csaf_aggregator/indices.go b/cmd/csaf_aggregator/indices.go
index 272d25b4..17c8d3a1 100644
--- a/cmd/csaf_aggregator/indices.go
+++ b/cmd/csaf_aggregator/indices.go
@@ -19,8 +19,8 @@ import (
 	"strings"
 	"time"
 
-	"github.com/csaf-poc/csaf_distribution/v3/csaf"
-	"github.com/csaf-poc/csaf_distribution/v3/util"
+	"github.com/gocsaf/csaf/v3/csaf"
+	"github.com/gocsaf/csaf/v3/util"
 )
 
 const (
diff --git a/cmd/csaf_aggregator/interim.go b/cmd/csaf_aggregator/interim.go
index 023c9c42..94147bcb 100644
--- a/cmd/csaf_aggregator/interim.go
+++ b/cmd/csaf_aggregator/interim.go
@@ -24,8 +24,8 @@ import (
 	"sync"
 	"time"
 
-	"github.com/csaf-poc/csaf_distribution/v3/csaf"
-	"github.com/csaf-poc/csaf_distribution/v3/util"
+	"github.com/gocsaf/csaf/v3/csaf"
+	"github.com/gocsaf/csaf/v3/util"
 )
 
 type interimJob struct {
diff --git a/cmd/csaf_aggregator/lazytransaction.go b/cmd/csaf_aggregator/lazytransaction.go
index 606d892f..af36ee29 100644
--- a/cmd/csaf_aggregator/lazytransaction.go
+++ b/cmd/csaf_aggregator/lazytransaction.go
@@ -13,7 +13,7 @@ import (
 	"os"
 	"path/filepath"
 
-	"github.com/csaf-poc/csaf_distribution/v3/util"
+	"github.com/gocsaf/csaf/v3/util"
 )
 
 type lazyTransaction struct {
diff --git a/cmd/csaf_aggregator/lister.go b/cmd/csaf_aggregator/lister.go
index 4d758e49..7e1fb582 100644
--- a/cmd/csaf_aggregator/lister.go
+++ b/cmd/csaf_aggregator/lister.go
@@ -11,8 +11,8 @@ package main
 import (
 	"fmt"
 
-	"github.com/csaf-poc/csaf_distribution/v3/csaf"
-	"github.com/csaf-poc/csaf_distribution/v3/util"
+	"github.com/gocsaf/csaf/v3/csaf"
+	"github.com/gocsaf/csaf/v3/util"
 )
 
 // mirrorAllowed checks if mirroring is allowed.
diff --git a/cmd/csaf_aggregator/main.go b/cmd/csaf_aggregator/main.go
index 39c10518..2056e84d 100644
--- a/cmd/csaf_aggregator/main.go
+++ b/cmd/csaf_aggregator/main.go
@@ -15,7 +15,7 @@ import (
 	"os"
 	"path/filepath"
 
-	"github.com/csaf-poc/csaf_distribution/v3/internal/options"
+	"github.com/gocsaf/csaf/v3/internal/options"
 
 	"github.com/gofrs/flock"
 )
diff --git a/cmd/csaf_aggregator/mirror.go b/cmd/csaf_aggregator/mirror.go
index 6bf72a33..c90ef683 100644
--- a/cmd/csaf_aggregator/mirror.go
+++ b/cmd/csaf_aggregator/mirror.go
@@ -30,8 +30,8 @@ import (
 	"github.com/ProtonMail/gopenpgp/v2/constants"
 	"github.com/ProtonMail/gopenpgp/v2/crypto"
 
-	"github.com/csaf-poc/csaf_distribution/v3/csaf"
-	"github.com/csaf-poc/csaf_distribution/v3/util"
+	"github.com/gocsaf/csaf/v3/csaf"
+	"github.com/gocsaf/csaf/v3/util"
 )
 
 // mirrorAllowed checks if mirroring is allowed.
diff --git a/cmd/csaf_aggregator/processor.go b/cmd/csaf_aggregator/processor.go
index 5cb36283..b22e8396 100644
--- a/cmd/csaf_aggregator/processor.go
+++ b/cmd/csaf_aggregator/processor.go
@@ -14,8 +14,8 @@ import (
 	"os"
 	"path/filepath"
 
-	"github.com/csaf-poc/csaf_distribution/v3/csaf"
-	"github.com/csaf-poc/csaf_distribution/v3/util"
+	"github.com/gocsaf/csaf/v3/csaf"
+	"github.com/gocsaf/csaf/v3/util"
 
 	"github.com/ProtonMail/gopenpgp/v2/crypto"
 )
diff --git a/cmd/csaf_checker/config.go b/cmd/csaf_checker/config.go
index ac9ce62b..3ea18403 100644
--- a/cmd/csaf_checker/config.go
+++ b/cmd/csaf_checker/config.go
@@ -13,10 +13,10 @@ import (
 	"fmt"
 	"net/http"
 
-	"github.com/csaf-poc/csaf_distribution/v3/internal/certs"
-	"github.com/csaf-poc/csaf_distribution/v3/internal/filter"
-	"github.com/csaf-poc/csaf_distribution/v3/internal/models"
-	"github.com/csaf-poc/csaf_distribution/v3/internal/options"
+	"github.com/gocsaf/csaf/v3/internal/certs"
+	"github.com/gocsaf/csaf/v3/internal/filter"
+	"github.com/gocsaf/csaf/v3/internal/models"
+	"github.com/gocsaf/csaf/v3/internal/options"
 )
 
 type outputFormat string
diff --git a/cmd/csaf_checker/links.go b/cmd/csaf_checker/links.go
index 0456acea..a3236614 100644
--- a/cmd/csaf_checker/links.go
+++ b/cmd/csaf_checker/links.go
@@ -15,7 +15,7 @@ import (
 
 	"github.com/PuerkitoBio/goquery"
 
-	"github.com/csaf-poc/csaf_distribution/v3/util"
+	"github.com/gocsaf/csaf/v3/util"
 )
 
 type (
diff --git a/cmd/csaf_checker/main.go b/cmd/csaf_checker/main.go
index 752fdf8e..4efb3516 100644
--- a/cmd/csaf_checker/main.go
+++ b/cmd/csaf_checker/main.go
@@ -12,7 +12,7 @@ package main
 import (
 	"log"
 
-	"github.com/csaf-poc/csaf_distribution/v3/internal/options"
+	"github.com/gocsaf/csaf/v3/internal/options"
 )
 
 // run uses a processor to check all the given domains or direct urls
diff --git a/cmd/csaf_checker/processor.go b/cmd/csaf_checker/processor.go
index da4214b9..5fd3fbdd 100644
--- a/cmd/csaf_checker/processor.go
+++ b/cmd/csaf_checker/processor.go
@@ -32,8 +32,8 @@ import (
 	"github.com/ProtonMail/gopenpgp/v2/crypto"
 	"golang.org/x/time/rate"
 
-	"github.com/csaf-poc/csaf_distribution/v3/csaf"
-	"github.com/csaf-poc/csaf_distribution/v3/util"
+	"github.com/gocsaf/csaf/v3/csaf"
+	"github.com/gocsaf/csaf/v3/util"
 )
 
 // topicMessages stores the collected topicMessages for a specific topic.
diff --git a/cmd/csaf_checker/report.go b/cmd/csaf_checker/report.go
index 9b5251b0..58ed25a5 100644
--- a/cmd/csaf_checker/report.go
+++ b/cmd/csaf_checker/report.go
@@ -18,8 +18,8 @@ import (
 	"os"
 	"time"
 
-	"github.com/csaf-poc/csaf_distribution/v3/csaf"
-	"github.com/csaf-poc/csaf_distribution/v3/internal/models"
+	"github.com/gocsaf/csaf/v3/csaf"
+	"github.com/gocsaf/csaf/v3/internal/models"
 )
 
 // MessageType is the kind of the message.
diff --git a/cmd/csaf_checker/reporters.go b/cmd/csaf_checker/reporters.go
index 016d3713..157eabee 100644
--- a/cmd/csaf_checker/reporters.go
+++ b/cmd/csaf_checker/reporters.go
@@ -13,7 +13,7 @@ import (
 	"sort"
 	"strings"
 
-	"github.com/csaf-poc/csaf_distribution/v3/util"
+	"github.com/gocsaf/csaf/v3/util"
 )
 
 type (
diff --git a/cmd/csaf_checker/roliecheck.go b/cmd/csaf_checker/roliecheck.go
index 53d11500..28bd4379 100644
--- a/cmd/csaf_checker/roliecheck.go
+++ b/cmd/csaf_checker/roliecheck.go
@@ -15,8 +15,8 @@ import (
 	"sort"
 	"strings"
 
-	"github.com/csaf-poc/csaf_distribution/v3/csaf"
-	"github.com/csaf-poc/csaf_distribution/v3/util"
+	"github.com/gocsaf/csaf/v3/csaf"
+	"github.com/gocsaf/csaf/v3/util"
 )
 
 // identifier consist of document/tracking/id and document/publisher/namespace,
diff --git a/cmd/csaf_checker/rules.go b/cmd/csaf_checker/rules.go
index eadbbb24..e04388dc 100644
--- a/cmd/csaf_checker/rules.go
+++ b/cmd/csaf_checker/rules.go
@@ -12,7 +12,7 @@ import (
 	"fmt"
 	"sort"
 
-	"github.com/csaf-poc/csaf_distribution/v3/csaf"
+	"github.com/gocsaf/csaf/v3/csaf"
 )
 
 type ruleCondition int
diff --git a/cmd/csaf_downloader/config.go b/cmd/csaf_downloader/config.go
index dcfc0900..33f8dc2d 100644
--- a/cmd/csaf_downloader/config.go
+++ b/cmd/csaf_downloader/config.go
@@ -19,10 +19,10 @@ import (
 	"path/filepath"
 	"time"
 
-	"github.com/csaf-poc/csaf_distribution/v3/internal/certs"
-	"github.com/csaf-poc/csaf_distribution/v3/internal/filter"
-	"github.com/csaf-poc/csaf_distribution/v3/internal/models"
-	"github.com/csaf-poc/csaf_distribution/v3/internal/options"
+	"github.com/gocsaf/csaf/v3/internal/certs"
+	"github.com/gocsaf/csaf/v3/internal/filter"
+	"github.com/gocsaf/csaf/v3/internal/models"
+	"github.com/gocsaf/csaf/v3/internal/options"
 )
 
 const (
diff --git a/cmd/csaf_downloader/downloader.go b/cmd/csaf_downloader/downloader.go
index fde4cd3a..f21fcc0d 100644
--- a/cmd/csaf_downloader/downloader.go
+++ b/cmd/csaf_downloader/downloader.go
@@ -33,8 +33,8 @@ import (
 	"github.com/ProtonMail/gopenpgp/v2/crypto"
 	"golang.org/x/time/rate"
 
-	"github.com/csaf-poc/csaf_distribution/v3/csaf"
-	"github.com/csaf-poc/csaf_distribution/v3/util"
+	"github.com/gocsaf/csaf/v3/csaf"
+	"github.com/gocsaf/csaf/v3/util"
 )
 
 type downloader struct {
diff --git a/cmd/csaf_downloader/forwarder.go b/cmd/csaf_downloader/forwarder.go
index c3681eba..12d9fe4a 100644
--- a/cmd/csaf_downloader/forwarder.go
+++ b/cmd/csaf_downloader/forwarder.go
@@ -19,8 +19,8 @@ import (
 	"path/filepath"
 	"strings"
 
-	"github.com/csaf-poc/csaf_distribution/v3/internal/misc"
-	"github.com/csaf-poc/csaf_distribution/v3/util"
+	"github.com/gocsaf/csaf/v3/internal/misc"
+	"github.com/gocsaf/csaf/v3/util"
 )
 
 // failedForwardDir is the name of the special sub folder
diff --git a/cmd/csaf_downloader/forwarder_test.go b/cmd/csaf_downloader/forwarder_test.go
index 907bbcea..25f0f1ff 100644
--- a/cmd/csaf_downloader/forwarder_test.go
+++ b/cmd/csaf_downloader/forwarder_test.go
@@ -23,8 +23,8 @@ import (
 	"strings"
 	"testing"
 
-	"github.com/csaf-poc/csaf_distribution/v3/internal/options"
-	"github.com/csaf-poc/csaf_distribution/v3/util"
+	"github.com/gocsaf/csaf/v3/internal/options"
+	"github.com/gocsaf/csaf/v3/util"
 )
 
 func TestValidationStatusUpdate(t *testing.T) {
diff --git a/cmd/csaf_downloader/main.go b/cmd/csaf_downloader/main.go
index cc284bbc..fe6efd17 100644
--- a/cmd/csaf_downloader/main.go
+++ b/cmd/csaf_downloader/main.go
@@ -15,7 +15,7 @@ import (
 	"os"
 	"os/signal"
 
-	"github.com/csaf-poc/csaf_distribution/v3/internal/options"
+	"github.com/gocsaf/csaf/v3/internal/options"
 )
 
 func run(cfg *config, domains []string) error {
diff --git a/cmd/csaf_provider/actions.go b/cmd/csaf_provider/actions.go
index 8f385e6e..18629832 100644
--- a/cmd/csaf_provider/actions.go
+++ b/cmd/csaf_provider/actions.go
@@ -26,8 +26,8 @@ import (
 	"github.com/ProtonMail/gopenpgp/v2/constants"
 	"github.com/ProtonMail/gopenpgp/v2/crypto"
 
-	"github.com/csaf-poc/csaf_distribution/v3/csaf"
-	"github.com/csaf-poc/csaf_distribution/v3/util"
+	"github.com/gocsaf/csaf/v3/csaf"
+	"github.com/gocsaf/csaf/v3/util"
 )
 
 const dateFormat = time.RFC3339
diff --git a/cmd/csaf_provider/config.go b/cmd/csaf_provider/config.go
index 49a72047..826b7bf2 100644
--- a/cmd/csaf_provider/config.go
+++ b/cmd/csaf_provider/config.go
@@ -18,7 +18,7 @@ import (
 	"github.com/ProtonMail/gopenpgp/v2/crypto"
 	"golang.org/x/crypto/bcrypt"
 
-	"github.com/csaf-poc/csaf_distribution/v3/csaf"
+	"github.com/gocsaf/csaf/v3/csaf"
 )
 
 const (
diff --git a/cmd/csaf_provider/create.go b/cmd/csaf_provider/create.go
index 56893c69..11e0b7c5 100644
--- a/cmd/csaf_provider/create.go
+++ b/cmd/csaf_provider/create.go
@@ -22,8 +22,8 @@ import (
 
 	"github.com/ProtonMail/gopenpgp/v2/crypto"
 
-	"github.com/csaf-poc/csaf_distribution/v3/csaf"
-	"github.com/csaf-poc/csaf_distribution/v3/util"
+	"github.com/gocsaf/csaf/v3/csaf"
+	"github.com/gocsaf/csaf/v3/util"
 )
 
 // ensureFolders initializes the paths and call functions to create
diff --git a/cmd/csaf_provider/files.go b/cmd/csaf_provider/files.go
index 39a97e36..3b99ff5b 100644
--- a/cmd/csaf_provider/files.go
+++ b/cmd/csaf_provider/files.go
@@ -13,7 +13,7 @@ import (
 	"crypto/sha512"
 	"os"
 
-	"github.com/csaf-poc/csaf_distribution/v3/util"
+	"github.com/gocsaf/csaf/v3/util"
 )
 
 func writeHashedFile(fname, name string, data []byte, armored string) error {
diff --git a/cmd/csaf_provider/indices.go b/cmd/csaf_provider/indices.go
index 805371bb..a4eb97a6 100644
--- a/cmd/csaf_provider/indices.go
+++ b/cmd/csaf_provider/indices.go
@@ -18,7 +18,7 @@ import (
 	"sort"
 	"time"
 
-	"github.com/csaf-poc/csaf_distribution/v3/util"
+	"github.com/gocsaf/csaf/v3/util"
 )
 
 func updateIndex(dir, fname string) error {
diff --git a/cmd/csaf_provider/main.go b/cmd/csaf_provider/main.go
index 8740e814..6c858c9f 100644
--- a/cmd/csaf_provider/main.go
+++ b/cmd/csaf_provider/main.go
@@ -18,7 +18,7 @@ import (
 
 	"github.com/jessevdk/go-flags"
 
-	"github.com/csaf-poc/csaf_distribution/v3/util"
+	"github.com/gocsaf/csaf/v3/util"
 )
 
 type options struct {
diff --git a/cmd/csaf_provider/rolie.go b/cmd/csaf_provider/rolie.go
index 98448bd3..d9717b14 100644
--- a/cmd/csaf_provider/rolie.go
+++ b/cmd/csaf_provider/rolie.go
@@ -15,8 +15,8 @@ import (
 	"strings"
 	"time"
 
-	"github.com/csaf-poc/csaf_distribution/v3/csaf"
-	"github.com/csaf-poc/csaf_distribution/v3/util"
+	"github.com/gocsaf/csaf/v3/csaf"
+	"github.com/gocsaf/csaf/v3/util"
 )
 
 // mergeCategories merges the given categories into the old ones.
diff --git a/cmd/csaf_provider/transaction.go b/cmd/csaf_provider/transaction.go
index 1b66ae0a..c4c93a80 100644
--- a/cmd/csaf_provider/transaction.go
+++ b/cmd/csaf_provider/transaction.go
@@ -12,8 +12,8 @@ import (
 	"os"
 	"path/filepath"
 
-	"github.com/csaf-poc/csaf_distribution/v3/csaf"
-	"github.com/csaf-poc/csaf_distribution/v3/util"
+	"github.com/gocsaf/csaf/v3/csaf"
+	"github.com/gocsaf/csaf/v3/util"
 )
 
 func doTransaction(
diff --git a/cmd/csaf_uploader/config.go b/cmd/csaf_uploader/config.go
index a83361c7..ceecff78 100644
--- a/cmd/csaf_uploader/config.go
+++ b/cmd/csaf_uploader/config.go
@@ -18,8 +18,8 @@ import (
 	"golang.org/x/crypto/bcrypt"
 	"golang.org/x/term"
 
-	"github.com/csaf-poc/csaf_distribution/v3/internal/certs"
-	"github.com/csaf-poc/csaf_distribution/v3/internal/options"
+	"github.com/gocsaf/csaf/v3/internal/certs"
+	"github.com/gocsaf/csaf/v3/internal/options"
 )
 
 const (
diff --git a/cmd/csaf_uploader/main.go b/cmd/csaf_uploader/main.go
index 20f89fdf..db1cef40 100644
--- a/cmd/csaf_uploader/main.go
+++ b/cmd/csaf_uploader/main.go
@@ -9,7 +9,7 @@
 // Implements a command line tool that uploads csaf documents to csaf_provider.
 package main
 
-import "github.com/csaf-poc/csaf_distribution/v3/internal/options"
+import "github.com/gocsaf/csaf/v3/internal/options"
 
 func main() {
 	args, cfg, err := parseArgsConfig()
diff --git a/cmd/csaf_uploader/processor.go b/cmd/csaf_uploader/processor.go
index 45988652..b57cafb9 100644
--- a/cmd/csaf_uploader/processor.go
+++ b/cmd/csaf_uploader/processor.go
@@ -26,9 +26,9 @@ import (
 	"github.com/ProtonMail/gopenpgp/v2/constants"
 	"github.com/ProtonMail/gopenpgp/v2/crypto"
 
-	"github.com/csaf-poc/csaf_distribution/v3/csaf"
-	"github.com/csaf-poc/csaf_distribution/v3/internal/misc"
-	"github.com/csaf-poc/csaf_distribution/v3/util"
+	"github.com/gocsaf/csaf/v3/csaf"
+	"github.com/gocsaf/csaf/v3/internal/misc"
+	"github.com/gocsaf/csaf/v3/util"
 )
 
 type processor struct {
diff --git a/cmd/csaf_validator/main.go b/cmd/csaf_validator/main.go
index f6aecc4b..b07c2f49 100644
--- a/cmd/csaf_validator/main.go
+++ b/cmd/csaf_validator/main.go
@@ -18,8 +18,8 @@ import (
 
 	"github.com/jessevdk/go-flags"
 
-	"github.com/csaf-poc/csaf_distribution/v3/csaf"
-	"github.com/csaf-poc/csaf_distribution/v3/util"
+	"github.com/gocsaf/csaf/v3/csaf"
+	"github.com/gocsaf/csaf/v3/util"
 )
 
 type options struct {
diff --git a/csaf/advisories.go b/csaf/advisories.go
index 6f07648b..c51c84c7 100644
--- a/csaf/advisories.go
+++ b/csaf/advisories.go
@@ -19,7 +19,7 @@ import (
 	"strings"
 	"time"
 
-	"github.com/csaf-poc/csaf_distribution/v3/util"
+	"github.com/gocsaf/csaf/v3/util"
 )
 
 // AdvisoryFile constructs the urls of a remote file.
diff --git a/csaf/models.go b/csaf/models.go
index c7e507dd..c4b132d9 100644
--- a/csaf/models.go
+++ b/csaf/models.go
@@ -17,7 +17,7 @@ import (
 	"strings"
 	"time"
 
-	"github.com/csaf-poc/csaf_distribution/v3/util"
+	"github.com/gocsaf/csaf/v3/util"
 )
 
 // TLPLabel is the traffic light policy of the CSAF.
diff --git a/csaf/providermetaloader.go b/csaf/providermetaloader.go
index b21ddc61..b28b606a 100644
--- a/csaf/providermetaloader.go
+++ b/csaf/providermetaloader.go
@@ -18,7 +18,7 @@ import (
 	"net/http"
 	"strings"
 
-	"github.com/csaf-poc/csaf_distribution/v3/util"
+	"github.com/gocsaf/csaf/v3/util"
 )
 
 // ProviderMetadataLoader helps load provider-metadata.json from
diff --git a/csaf/rolie.go b/csaf/rolie.go
index c2b5b085..b94cfa30 100644
--- a/csaf/rolie.go
+++ b/csaf/rolie.go
@@ -14,7 +14,7 @@ import (
 	"sort"
 	"time"
 
-	"github.com/csaf-poc/csaf_distribution/v3/util"
+	"github.com/gocsaf/csaf/v3/util"
 )
 
 // ROLIEServiceWorkspaceCollectionCategoriesCategory is a category in a ROLIE service collection.
diff --git a/csaf/summary.go b/csaf/summary.go
index 72d2faf9..b10dd657 100644
--- a/csaf/summary.go
+++ b/csaf/summary.go
@@ -11,7 +11,7 @@ package csaf
 import (
 	"time"
 
-	"github.com/csaf-poc/csaf_distribution/v3/util"
+	"github.com/gocsaf/csaf/v3/util"
 )
 
 const (
diff --git a/docs/csaf_checker.md b/docs/csaf_checker.md
index 0b223b68..51525017 100644
--- a/docs/csaf_checker.md
+++ b/docs/csaf_checker.md
@@ -93,7 +93,7 @@ ignorepattern = [".*white.*", ".*red.*"]
 
 The `role` given in the `provider-metadata.json` is not
 yet considered to change the overall result,
-see <https://github.com/csaf-poc/csaf_distribution/issues/221> .
+see <https://github.com/gocsaf/csaf/issues/221> .
 
 If a provider hosts one or more advisories with a TLP level of AMBER or RED, then these advisories must be access protected.
 To check these advisories, authorization can be given via custom headers or certificates.
diff --git a/docs/csaf_provider.md b/docs/csaf_provider.md
index 81a45fa2..b88924dc 100644
--- a/docs/csaf_provider.md
+++ b/docs/csaf_provider.md
@@ -141,5 +141,5 @@ contact_details = "Example Company can be reached at contact_us@example.com, or
 
 There is an experimental upload interface which works with a web browser.
 It is disabled by default, as there are known issues, notably:
- * https://github.com/csaf-poc/csaf_distribution/issues/43
- * https://github.com/csaf-poc/csaf_distribution/issues/256
+ * https://github.com/gocsaf/csaf/issues/43
+ * https://github.com/gocsaf/csaf/issues/256
diff --git a/docs/provider-setup.md b/docs/provider-setup.md
index 3f07fd0a..48c29d03 100644
--- a/docs/provider-setup.md
+++ b/docs/provider-setup.md
@@ -115,7 +115,7 @@ sudo chmod g+r,o-rwx /etc/csaf/config.toml
 
 Here is a minimal example configuration,
 which you need to customize for a production setup,
-see the [options of `csaf_provider`](https://github.com/csaf-poc/csaf_distribution/blob/main/docs/csaf_provider.md).
+see the [options of `csaf_provider`](https://github.com/gocsaf/csaf/blob/main/docs/csaf_provider.md).
 
 <!-- MARKDOWN-AUTO-DOCS:START (CODE:src=../docs/scripts/setupProviderForITest.sh&lines=94-101) -->
 <!-- The below code snippet is automatically added from ../docs/scripts/setupProviderForITest.sh -->
diff --git a/docs/scripts/Readme.md b/docs/scripts/Readme.md
index 95f39b2a..77e8daed 100644
--- a/docs/scripts/Readme.md
+++ b/docs/scripts/Readme.md
@@ -1,7 +1,7 @@
 Scripts for assisting the Integration tests.
 They were written on Ubuntu 20.04 TLS amd64 and also tested with 24.04 TLS.
 
-- `prepareUbuntuInstanceForITests.sh` installs the required packages for the csaf_distribution integration tests on a naked ubuntu LTS amd64.
+- `prepareUbuntuInstanceForITests.sh` installs the required packages for the csaf integration tests on a naked Ubuntu LTS amd64.
 
 - `TLSConfigsForITest.sh` generates a root CA and webserver cert by running `createRootCAForITest.sh` and `createWebserverCertForITest.sh`
 and configures nginx for serving TLS connections.
@@ -14,11 +14,11 @@ As creating the folders needs to authenticate with the csaf_provider, the config
 
 Calling example (as user with sudo privileges):
 ``` bash
-    curl --fail -O https://raw.githubusercontent.com/csaf-poc/csaf_distribution/main/docs/scripts/prepareUbuntuInstanceForITests.sh
+    curl --fail -O https://raw.githubusercontent.com/gocsaf/csaf/main/docs/scripts/prepareUbuntuInstanceForITests.sh
     sudo bash prepareUbuntuInstanceForITests.sh
 
-    git clone https://github.com/csaf-poc/csaf_distribution.git # --branch <name>
-    pushd csaf_distribution/docs/scripts/
+    git clone https://github.com/gocsaf/csaf.git # --branch <name>
+    pushd csaf/docs/scripts/
 
     export FOLDERNAME=devca1 ORGANAME="CSAF Tools Development (internal)"
     source ./TLSConfigsForITest.sh
diff --git a/docs/scripts/TLSClientConfigsForITest.sh b/docs/scripts/TLSClientConfigsForITest.sh
index 1f941175..830666fa 100755
--- a/docs/scripts/TLSClientConfigsForITest.sh
+++ b/docs/scripts/TLSClientConfigsForITest.sh
@@ -18,7 +18,7 @@ set -e
 
 NGINX_CONFIG_PATH=/etc/nginx/sites-available/default
 
-cd ~/csaf_distribution/docs/scripts/
+cd ~/csaf/docs/scripts/
 source ./createCCForITest.sh
 
 echo '
diff --git a/docs/scripts/TLSConfigsForITest.sh b/docs/scripts/TLSConfigsForITest.sh
index c1a5420a..d7c06f9f 100644
--- a/docs/scripts/TLSConfigsForITest.sh
+++ b/docs/scripts/TLSConfigsForITest.sh
@@ -17,7 +17,7 @@ set -e
 
 NGINX_CONFIG_PATH=/etc/nginx/sites-available/default
 
-cd ~/csaf_distribution/docs/scripts/
+cd ~/csaf/docs/scripts/
 ## Create Root CA
 ./createRootCAForITest.sh
 
diff --git a/docs/scripts/prepareUbuntuInstanceForITests.sh b/docs/scripts/prepareUbuntuInstanceForITests.sh
index ea88fc42..75ce44b9 100755
--- a/docs/scripts/prepareUbuntuInstanceForITests.sh
+++ b/docs/scripts/prepareUbuntuInstanceForITests.sh
@@ -2,7 +2,7 @@
 set -e
 
 # This script prepares a naked Ubuntu LTS amd64
-# for the csaf_distribution integration tests
+# for the csaf integration tests
 # by installing the required packages.
 
 apt update
diff --git a/docs/scripts/testAggregator.sh b/docs/scripts/testAggregator.sh
index 366ac075..f6322f62 100755
--- a/docs/scripts/testAggregator.sh
+++ b/docs/scripts/testAggregator.sh
@@ -29,6 +29,6 @@ popd
 echo
 echo '=== run aggregator'
 
-cd ~/csaf_distribution/
+cd ~/csaf/
 sudo cp docs/examples/aggregator.toml /etc/csaf
 sudo ./bin-linux-amd64/csaf_aggregator -c /etc/csaf/aggregator.toml
diff --git a/docs/scripts/testChecker.sh b/docs/scripts/testChecker.sh
index cb45aad6..28474d01 100755
--- a/docs/scripts/testChecker.sh
+++ b/docs/scripts/testChecker.sh
@@ -11,7 +11,7 @@
 set -e  # to exit if a command in the script fails
 
 echo '==== run checker (twice)'
-cd ~/csaf_distribution
+cd ~/csaf
 
 ./bin-linux-amd64/csaf_checker -f html -o ../checker-results.html --insecure \
   --client_cert ~/devca1/testclient1.crt \
diff --git a/docs/scripts/testDownloader.sh b/docs/scripts/testDownloader.sh
index c4b9bced..6326536a 100755
--- a/docs/scripts/testDownloader.sh
+++ b/docs/scripts/testDownloader.sh
@@ -10,7 +10,7 @@
 
 set -e  # to exit if a command in the script fails
 
-cd ~/csaf_distribution
+cd ~/csaf
 
 echo
 echo '==== run downloader (1)'
diff --git a/examples/README.md b/examples/README.md
index a70ea09a..c525e96e 100644
--- a/examples/README.md
+++ b/examples/README.md
@@ -1,6 +1,6 @@
 # API examples
 
-An experimental example of how to use `github.com/csaf-poc/csaf_distribution`
+An experimental example of how to use `github.com/gocsaf/csaf`
 as a library.
 As usage of the repository as an API is currently a _work in progress_,
 these examples are likely to be changed.
diff --git a/examples/purls_searcher/main.go b/examples/purls_searcher/main.go
index c1ec3e19..72fb976d 100644
--- a/examples/purls_searcher/main.go
+++ b/examples/purls_searcher/main.go
@@ -1,5 +1,5 @@
 // Package main implements a simple demo program to
-// work with the csaf_distribution library.
+// work with the csaf library.
 package main
 
 import (
@@ -9,8 +9,8 @@ import (
 	"os"
 	"strings"
 
-	"github.com/csaf-poc/csaf_distribution/v3/csaf"
-	"github.com/csaf-poc/csaf_distribution/v3/util"
+	"github.com/gocsaf/csaf/v3/csaf"
+	"github.com/gocsaf/csaf/v3/util"
 )
 
 func main() {
diff --git a/go.mod b/go.mod
index 52f1f024..c8101f04 100644
--- a/go.mod
+++ b/go.mod
@@ -1,4 +1,4 @@
-module github.com/csaf-poc/csaf_distribution/v3
+module github.com/gocsaf/csaf/v3
 
 go 1.22
 
diff --git a/internal/options/options.go b/internal/options/options.go
index c0ad2bc1..3a4867fd 100644
--- a/internal/options/options.go
+++ b/internal/options/options.go
@@ -15,7 +15,7 @@ import (
 	"log/slog"
 	"os"
 
-	"github.com/csaf-poc/csaf_distribution/v3/util"
+	"github.com/gocsaf/csaf/v3/util"
 
 	"github.com/BurntSushi/toml"
 	"github.com/jessevdk/go-flags"