From owner-freebsd-vuxml@FreeBSD.ORG Fri Jan 14 00:17:37 2005 Return-Path: Delivered-To: freebsd-vuxml@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 276FC16A4CE; Fri, 14 Jan 2005 00:17:37 +0000 (GMT) Received: from bast.unixathome.org (bast.unixathome.org [66.11.174.150]) by mx1.FreeBSD.org (Postfix) with ESMTP id DA23B43D3F; Fri, 14 Jan 2005 00:17:36 +0000 (GMT) (envelope-from dan@langille.org) Received: from wocker (wocker.unixathome.org [192.168.0.99]) by bast.unixathome.org (Postfix) with ESMTP id 5BFC53D40; Thu, 13 Jan 2005 19:17:36 -0500 (EST) From: "Dan Langille" To: "Simon L. Nielsen" Date: Thu, 13 Jan 2005 19:19:38 -0500 MIME-Version: 1.0 Message-ID: <41E6C9CA.27780.93AAC789@localhost> Priority: normal In-reply-to: <20041217185000.GB762@zaphod.nitro.dk> References: <41C2D30F.16142.730D56B@localhost> X-mailer: Pegasus Mail for Windows (4.21c) Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Content-description: Mail message body cc: freebsd-vuxml@freebsd.org Subject: Re: Do you respect the date_modified field? X-BeenThere: freebsd-vuxml@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Documenting security issues in VuXML List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 14 Jan 2005 00:17:37 -0000 On 17 Dec 2004 at 19:50, Simon L. Nielsen wrote: > On 2004.12.17 12:37:35 -0500, Dan Langille wrote: > > At present, FreshPorts deletes all VuXML information each time a > > commit to ~/ports/security/vuxml/vuln.xml occurs. To reduce database > > churn, I'm now looking at optimizing this process. > > > > I expect the answer to my question to be yes, but do not want to rely > > upon only my expectation. Do you respect the date_modified field? > > In general yes, though of course there can be slips sometimes. Of > course, if FreshPorts starts to use the modified date I think it's > even more likely that modified date will be updated correctly since > people will notice if it wasn't bumped. > > I almost always check my entries on FreshPorts after commit as an > extra check that I havn't made any mistakes in the committed entry... > > > I ask for reasons of keeping things simple. FreshPorts inserts each > > vuln into a table. Is it sufficient for FreshPorts to compare the > > last_modified field as supplied in vuln.xml to determine whether or > > not it should update its information? > > Not quite that simple unfortunatly. Modified date is not updated when > an entry is modified the same day as when it was originally added, or > if the modified date already has been bumped once on the date of the > commit. So you need to update for all entries which has either > modification or entry date today... actually you probably need to take > entries from the date before and after also due to timezone's. But > that should still reduce the number of entries that must bed update > considerably. > > Actually it should be rather simple to generate the real modification > date for each entry using "cvs annotate vuln.xml"... I might play > around with that later today :-). I just had a test run of this code. FreshPorts ignores any vuln that does not contain at least one date field that is within 2 days of the current date. This can be overridden on the command line so that all entries are processed, regardless of date. I'll move this to production soon. cheers -- Dan Langille : http://www.langille.org/ BSDCan - The Technical BSD Conference - http://www.bsdcan.org/