1 |
On Fri, 22 Aug 2003 19:45:46 +0100 |
2 |
James Harlow <james@××××××××××××××.nu> wrote: |
3 |
|
4 |
> It would be nice if the solution and the command became mandatory, and |
5 |
> the command was formatted so that it could be run with /bin/sh. |
6 |
|
7 |
I don't like that for several reasons: |
8 |
- it's not necessary if a simple package upgrade can solve the issue |
9 |
- there are general concerns about the inclusion of the <command> tag |
10 |
|
11 |
> It's also my feeling that the exploit element should become an |
12 |
> attribute so it can be checked - for example, if I'm writing a tool to |
13 |
> secure a firewall while I'm on holiday, it would be essential to |
14 |
> update remote holes, but less essential to update local holes. |
15 |
|
16 |
I don't understand this, why would an attribute be better than an |
17 |
element? I might *add* an attribute to the exploit tag if we can define |
18 |
the possible values for that. |
19 |
|
20 |
> And lastly and cosmetically, dates are normally represented as a |
21 |
> day/month/year structure. In the version element, I think that you |
22 |
> should get rid of the including attribute and extend the range |
23 |
> attribute with greater-or-equal / less-than-or-equal. It's just my |
24 |
> feeling that this will create more readable xml documents... |
25 |
|
26 |
As said by Paul and Chris, the YYYYMMDD format is better suited and I'll |
27 |
change the tool and the example to use it. For the version format, I'll |
28 |
put that in the queue as there might be more changes necessary (see |
29 |
Pauls request for a between tag). |
30 |
|
31 |
Marius |
32 |
|
33 |
-- |
34 |
gentoo-dev@g.o mailing list |