Hi Paul, On Donnerstag, 26. Februar 2015, Paul Wise wrote: > I noticed the description fields are truncated, is that intentional? that's all that is stored in the db... > What about making the structure like this? why? :) > I'm guessing the code only > produces one instance of each package. yes > { > "package1": {...}, > "package2": {...}, > } > > > I haven't tested the output against a json validator yet... so feedback > > welcome and I do expect some more work to do... > > Not a helpful error but the Python json loader tracebacks, try: > >>> import json > >>> with open('json') as f: data = json.load(f) thanks, will give it a try later. (Currently waiting for more feedback before touching the code again...) > > - should the output include description fields if the value is "null"? > > - should the output include nodsa fields if the value is "null"? > > - should the output include remote fields if the value is "null"? > Probably not. ack > > - for the releases with issue status != "resolved", should the version be > > ommitted? (as its rather meaningless then... also the repositories fields > > also contain those versions. (and those should be kept IMO) > Hmm, I wouldn't have thought there would be a version present for > unfixed issues? The raw data in the CVE list certainly doesn't have > version numbers for unfixed issues. the tracker shows them all the time, eg on https://security-tracker.debian.org/tracker/CVE-2013-2131 > I'm thinking omit such versions. /me too cheers, Holger
Attachment:
signature.asc
Description: This is a digitally signed message part.