| 1 |
Ühel kenal päeval, T, 11.04.2017 kell 22:10, kirjutas Michał Górny: |
| 2 |
> Officially list the slot="" attribute that is used in GLSAs for quite |
| 3 |
> some time in the DTD. It is supported by Portage and gentoolkit for |
| 4 |
> a long time, and was used in GLSAs interchangeably with implicit |
| 5 |
> appended ':slot' to the version. However, the latter was ugly and |
| 6 |
> worked |
| 7 |
> only by accident, so we are moving towards the former. |
| 8 |
|
| 9 |
':slot' version was only used for less than a day until it was reverted |
| 10 |
back to slot attribute. Slot attributes are used since January or so in |
| 11 |
existing GLSAs where needed to avoid old slot version bumps starting to |
| 12 |
give false positives, e.g libpng and such. |
| 13 |
|
| 14 |
For further context for other readers, slot="" attribute support has |
| 15 |
been in glsa-check for at least Q4 2008, potentially Q3 2007. The code |
| 16 |
was synced to portage near there as well I believe (for @security and |
| 17 |
such usage). |
| 18 |
|
| 19 |
> --- |
| 20 |
> glsa.dtd | 4 +++- |
| 21 |
> 1 file changed, 3 insertions(+), 1 deletion(-) |
| 22 |
> |
| 23 |
> diff --git a/glsa.dtd b/glsa.dtd |
| 24 |
> index 52be18e..22237b0 100644 |
| 25 |
> --- a/glsa.dtd |
| 26 |
> +++ b/glsa.dtd |
| 27 |
> @@ -124,7 +124,8 @@ |
| 28 |
> Description: Version of the vulnerable package. Can be a range |
| 29 |
> too |
| 30 |
|
| 31 |
Maybe some slot attribute documentation could be added as well, similar |
| 32 |
to how the original patch attached to https://bugs.gentoo.org/106677 |
| 33 |
did? Though not the "*" stuff, that feels wrong and should be just |
| 34 |
omitted attribute for that. |
| 35 |
|
| 36 |
|
| 37 |
Mart |
Archives