1 |
Ühel kenal päeval, T, 11.04.2017 kell 22:10, kirjutas Michał Górny: |
2 |
> Officially list the slot="" attribute that is used in GLSAs for quite |
3 |
> some time in the DTD. It is supported by Portage and gentoolkit for |
4 |
> a long time, and was used in GLSAs interchangeably with implicit |
5 |
> appended ':slot' to the version. However, the latter was ugly and |
6 |
> worked |
7 |
> only by accident, so we are moving towards the former. |
8 |
|
9 |
':slot' version was only used for less than a day until it was reverted |
10 |
back to slot attribute. Slot attributes are used since January or so in |
11 |
existing GLSAs where needed to avoid old slot version bumps starting to |
12 |
give false positives, e.g libpng and such. |
13 |
|
14 |
For further context for other readers, slot="" attribute support has |
15 |
been in glsa-check for at least Q4 2008, potentially Q3 2007. The code |
16 |
was synced to portage near there as well I believe (for @security and |
17 |
such usage). |
18 |
|
19 |
> --- |
20 |
> glsa.dtd | 4 +++- |
21 |
> 1 file changed, 3 insertions(+), 1 deletion(-) |
22 |
> |
23 |
> diff --git a/glsa.dtd b/glsa.dtd |
24 |
> index 52be18e..22237b0 100644 |
25 |
> --- a/glsa.dtd |
26 |
> +++ b/glsa.dtd |
27 |
> @@ -124,7 +124,8 @@ |
28 |
> Description: Version of the vulnerable package. Can be a range |
29 |
> too |
30 |
|
31 |
Maybe some slot attribute documentation could be added as well, similar |
32 |
to how the original patch attached to https://bugs.gentoo.org/106677 |
33 |
did? Though not the "*" stuff, that feels wrong and should be just |
34 |
omitted attribute for that. |
35 |
|
36 |
|
37 |
Mart |