From nobody Thu Oct 14 13:58:01 2021 X-Original-To: freebsd-ports@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 02AB117FEF25 for ; Thu, 14 Oct 2021 13:58:18 +0000 (UTC) (envelope-from decke@freebsd.org) Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4HVWFj6TRHz3mr8 for ; Thu, 14 Oct 2021 13:58:17 +0000 (UTC) (envelope-from decke@freebsd.org) Received: from mail-il1-f180.google.com (mail-il1-f180.google.com [209.85.166.180]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) (Authenticated sender: decke) by smtp.freebsd.org (Postfix) with ESMTPSA id B2DAE335B for ; Thu, 14 Oct 2021 13:58:17 +0000 (UTC) (envelope-from decke@freebsd.org) Received: by mail-il1-f180.google.com with SMTP id s3so3668423ild.0 for ; Thu, 14 Oct 2021 06:58:17 -0700 (PDT) X-Gm-Message-State: AOAM531Buct92+vJFyvfcj3PrytOVQiwkJ5XKTQng6d2Ogqy+qw6aHfF abYdsE+suo2l+eIRgtjKVe0zVix8eF083v7UULa4jw== X-Google-Smtp-Source: ABdhPJz0QjmItSqNMyxtupCqYPb9AjmzTVV4CA85nBuiAF+R3L0jH0J3Wb5zpkVd7xie23judLPqdMPpH5Nq6hQ3Pio= X-Received: by 2002:a05:6e02:178d:: with SMTP id y13mr2642952ilu.184.1634219897030; Thu, 14 Oct 2021 06:58:17 -0700 (PDT) List-Id: Porting software to FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-ports List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-ports@freebsd.org X-BeenThere: freebsd-ports@freebsd.org MIME-Version: 1.0 References: <20211014.200731.1708218659985202223.yasu@FreeBSD.org> <07c45bce-fa7a-2577-4e56-d3e88a8b46e4@madpilot.net> <20211014.224312.1851469902312960663.yasu@FreeBSD.org> In-Reply-To: <20211014.224312.1851469902312960663.yasu@FreeBSD.org> From: =?UTF-8?Q?Bernhard_Fr=C3=B6hlich?= Date: Thu, 14 Oct 2021 15:58:01 +0200 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: Adding CPE information To: Yasuhiro Kimura Cc: freebsd-ports@freebsd.org Content-Type: text/plain; charset="UTF-8" X-ThisMailContainsUnwantedMimeParts: N On Thu, Oct 14, 2021 at 3:44 PM Yasuhiro Kimura wrote: > > From: Guido Falsi > Subject: Re: Adding CPE information > Date: Thu, 14 Oct 2021 14:58:04 +0200 > > >> It seems recently some committers are working to add CPE information > >> to many ports. I don't know why it started. But if it is intended to > >> add CPE information to all (or most of ) ports, isn't it better to > >> modify ports framework so CPE intormation is added to each ports by > >> default? > >> > > > > AFAIK that's already in the tree. The framework tries to extrapolate > > CPE information from PORTNAME and other variables. > > Yes, but it isn't enabled by default. You need to add 'USES=cpe` to > Makefile if you want to add CPE information to specific port. What I > proposed is to change framework so CPE information is added to all > ports without adding 'USES=cpe' to Makefile of each port. > > > Unluckily most of the time it is actually impossible to get correct > > information and some other variables with the correct details, which > > are not necessarily logical or in any way connected with the > > information already present) need to be added by hand after manual > > discovery. > > I understand manual work is required to set the value of related > variables correctly. But it is always necessary whether we add CPE > information by changing framework of we do it by adding 'USES=cpe' to > Makefile of each port. And assuming that it is intended to add CPE > information to all ports, I think the former requires less work volume > than the latter. No, that does not work because valid CPE entries only exist if the software product was mentioned in a CVE or the CPE entry was reserved which is a rare case. -- Bernhard Froehlich http://www.bluelife.at/