From owner-freebsd-vuxml@FreeBSD.ORG Thu May 6 09:34:17 2004 Return-Path: Delivered-To: freebsd-vuxml@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A335216A4CE for ; Thu, 6 May 2004 09:34:17 -0700 (PDT) Received: from cybersport.hu (cybersport.hu [80.95.79.10]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0010C43D3F for ; Thu, 6 May 2004 09:34:16 -0700 (PDT) (envelope-from robert@openbsd.org) Received: from [81.182.166.68] (68.166-182-adsl-pool.axelero.hu [81.182.166.68]) by cybersport.hu (Postfix) with ESMTP id E3B547070 for ; Thu, 6 May 2004 18:34:53 +0200 (CEST) From: Robert Nagy To: freebsd-vuxml@freebsd.org In-Reply-To: <20040506161853.GA649@lum.celabo.org> References: <20040506161853.GA649@lum.celabo.org> Content-Type: text/plain Organization: Message-Id: <1083861289.3310.58.camel@enterprise.hu> Mime-Version: 1.0 X-Mailer: Ximian Evolution 1.2.4 Date: 06 May 2004 18:34:49 +0200 Content-Transfer-Encoding: 7bit Subject: Re: Adding `branches' to VuXML X-BeenThere: freebsd-vuxml@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Documenting security issues in VuXML List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 06 May 2004 16:34:17 -0000 On Thu, 2004-05-06 at 18:18, Jacques A. Vidrine wrote: > Hi All, > > Robert Nagy of OpenBSD requested the addition of `branches' to > VuXML. I expected that he would be posting a proposal here, but since I > haven't seen it I'll give it a shot on my own. > > In FreeBSD, we do not branch the Ports Collection like we do the base > system. However, it seems that OpenBSD's Ports & Packages Collection > *does* use branches. Thus, it is possible for a security issue to > affect foo-1.1 in branch BRANCH_X, but not foo-1.1 in BRANCH_Y. > Currently, it is not possible to express this in VuXML, short of > maintaining separate VuXML files for each branch (e.g. branching the > VuXML file, also). > > So, here is a suggested extension by example. > > The element in VuXML 1.1 has two child elements, and > . These behave as a kind of cross-product: it expresses that > the affected packages are all of those combinations of name and range. > e.g. > > > foo > bar > 2.02.2 > 1.5 > > > expresses that these ranges are affected: > > foo < 1.5 > 2.0 <= foo < 2.2 > bar < 1.5 > 2.0 <= bar < 2.2 > > (Note also that there can be multiple elements for an issue.) > > So one possibility would be to add a child element: > > > > BRANCH_X > BRANCH_Y > foo > foo-1.1 > > > The content model for and are the same. I wonder if > the optional presence of the child element for will > cause any confusion? Right now, for issues that affect the FreeBSD base > system, we just use version numbers without reference to the branch. > e.g. > > FreeBSD > 5.05.2_6 > 4.94.9_6 > 4.04.8_19 > > > Anyway ... comments? Thanks. Sorry i totally forgot about this. I've shitloads to do. Yeah I like it. -- Robert Nagy