Re: Schema reorganization for package_notes table

To: Florian Weimer <fw@deneb.enyo.de>
Cc: debian-security-tracker@lists.debian.org, helmut@subdivi.de
Subject: Re: Schema reorganization for package_notes table
From: Moritz Mühlenhoff <jmm@inutil.org>
Date: Tue, 4 Feb 2014 18:49:53 +0100
Message-id: <[🔎] 20140204174952.GA4807@pisco.westfalen.local>
In-reply-to: <[🔎] 8761oxdxmp.fsf@mid.deneb.enyo.de>
References: <[🔎] 8761oxdxmp.fsf@mid.deneb.enyo.de>

On Sun, Feb 02, 2014 at 10:15:42PM +0100, Florian Weimer wrote:
> The package_notes table currently looks like this:
> 
> CREATE TABLE package_notes
>         (id INTEGER NOT NULL PRIMARY KEY,
>          bug_name TEXT NOT NULL,
>          package TEXT NOT NULL,
>          fixed_version TEXT
>              CHECK (fixed_version IS NULL OR fixed_version <> ''),
>          fixed_version_id INTEGER NOT NULL DEFAULT 0,
>          release TEXT NOT NULL,
>          package_kind TEXT NOT NULL DEFAULT 'unknown',
>          urgency TEXT NOT NULL,
>          bug_origin TEXT NOT NULL DEFAULT '');
> 
> I plan to change it to something like this:
> 
> CREATE TABLE package_notes
>         (id INTEGER NOT NULL PRIMARY KEY,
>          bug_name TEXT NOT NULL,
>          tag TEXT NOT NULL,
>          freetext TEXT,
>          package TEXT NOT NULL,
>          fixed_version TEXT,
>          release TEXT,
>          urgency TEXT,
>          bug_filed INTEGER NOT NULL DEFAULT 0);
> 
> fixed_version_id is an implementation detail of the approach to
> version ordering; I may have to keep it until other reorganizations
> are done.  Same for bug_origin.
> 
> The significant change is the addition of the "tag" column.  I think
> we'll need the following values:
> 
>       plain
>       itp
>       removed
>       undetermined
>       no-dsa
>       not-affected
>       end-of-life
>
> 'plain' combines fixed and unfixed package annotations, depending on
> the fixed_version column.  The other tags correspond to the
> pseudo-versions inside <...>.
> 
> I'm not yet sure if the 'no-dsa' tag makes the existing
> package_notes_nodsa table superfluous, but it looks like it is
> possible to replace it with a view.
> 
> fixed_version can now be empty, replacing the artifical '0' marker
> which is used for encoding <not-affected> at present.
> 
> "freetext" records the free-form text in the (...) part, something
> that we currently emit as NOTEs.
> 
> "bug_filed" indicates whether there was a "bug filed" marker in the
> (...) part.  (It's actually a boolean column, but SQLite doesn't
> support that directly.)  The actual bug numbers are still supplied by
> the package_notes_bug table.
> 
> On the Python side, much the subclassing around the PackageNote class
> in the bugs module will go, and only a PackageNote and a StringNode
> will remain, probably as named tuples.  Data parsed from the file and
> loaded from the database will be represented identically.
> 
> My hope is that with the explicitly encoded tags, it will be possible
> to make the per-bug/package vulnerability decision logic more
> explicit.  We currently have three or four different implementations,
> both in SQLite statements and in Python, and this keeps causing
> problems.  If the new implementation is fast enough, it will be
> possible to avoid pre-computing all the vulnerability information,
> which should speed up database updates from Subversion.
> 
> Any comments?  

Looks good to me from a high level view.

> Are there any other users of the SQL schema besides the
> web application?

Helmut was planning to integrate the security tracker data into UDD, adding
him to CC.

Cheers,
        Moritz

Reply to:

References:
- Schema reorganization for package_notes table
  - From: Florian Weimer <fw@deneb.enyo.de>

Prev by Date: External check
Next by Date: External check
Previous by thread: Schema reorganization for package_notes table
Next by thread: External check
Index(es):
- Date
- Thread