Re: UpstreamMetadata extension for security scan

To: Neil Williams <codehelp@debian.org>
Cc: debian-med@lists.debian.org
Subject: Re: UpstreamMetadata extension for security scan
From: Andreas Tille <tille@debian.org>
Date: Fri, 26 Aug 2022 12:23:01 +0200
Message-id: <[🔎] YwifBWeCTbZM3Bnd@an3as.eu>
In-reply-to: <[🔎] 20220826102444.6d94fd0f@felix.codehelp>
References: <[🔎] 20220826102444.6d94fd0f@felix.codehelp>

Hi Neil,

Am Fri, Aug 26, 2022 at 10:24:44AM +0100 schrieb Neil Williams:
> The important change here is to include a list of dictionaries in YAML
> format instead of simpler key: value strings. This would mean that
> parsers of metadata would need to use a YAML parser.

That's not new.  We are using this for references to scientific publications.
 
> My work would use this information via UDD to provide information about
> the status of LTS releases, in combination with the open CVEs and other
> information about the security status of the package in older Debian
> releases.

For an UDD import you can check the upstream_reader in UDD[1]
 
> Would it be a problem to include the Releases dictionary into
> debian/upstream/metadata ?

Adding anything is no problem at all.  If you want to see it in
UDD you need to enhance the according code (defining an UDD table
and adding the code that imports the data into that table).

Kind regards

      Andreas.

[1] https://salsa.debian.org/qa/udd/-/blob/master/udd/upstream_reader.py

-- 
http://fam-tille.de

Reply to:

References:
- UpstreamMetadata extension for security scan
  - From: Neil Williams <codehelp@debian.org>

Prev by Date: UpstreamMetadata extension for security scan
Next by Date: Re: Finishing ncbi-vdb and sra-sdk
Previous by thread: UpstreamMetadata extension for security scan
Next by thread: RFS -- Added autopkgtests for emperor
Index(es):
- Date
- Thread