| 1 |
On Fri, 22 Aug 2003 19:45:46 +0100 |
| 2 |
James Harlow <james@××××××××××××××.nu> wrote: |
| 3 |
|
| 4 |
> It would be nice if the solution and the command became mandatory, and |
| 5 |
> the command was formatted so that it could be run with /bin/sh. |
| 6 |
|
| 7 |
I don't like that for several reasons: |
| 8 |
- it's not necessary if a simple package upgrade can solve the issue |
| 9 |
- there are general concerns about the inclusion of the <command> tag |
| 10 |
|
| 11 |
> It's also my feeling that the exploit element should become an |
| 12 |
> attribute so it can be checked - for example, if I'm writing a tool to |
| 13 |
> secure a firewall while I'm on holiday, it would be essential to |
| 14 |
> update remote holes, but less essential to update local holes. |
| 15 |
|
| 16 |
I don't understand this, why would an attribute be better than an |
| 17 |
element? I might *add* an attribute to the exploit tag if we can define |
| 18 |
the possible values for that. |
| 19 |
|
| 20 |
> And lastly and cosmetically, dates are normally represented as a |
| 21 |
> day/month/year structure. In the version element, I think that you |
| 22 |
> should get rid of the including attribute and extend the range |
| 23 |
> attribute with greater-or-equal / less-than-or-equal. It's just my |
| 24 |
> feeling that this will create more readable xml documents... |
| 25 |
|
| 26 |
As said by Paul and Chris, the YYYYMMDD format is better suited and I'll |
| 27 |
change the tool and the example to use it. For the version format, I'll |
| 28 |
put that in the queue as there might be more changes necessary (see |
| 29 |
Pauls request for a between tag). |
| 30 |
|
| 31 |
Marius |
| 32 |
|
| 33 |
-- |
| 34 |
gentoo-dev@g.o mailing list |
Archives