Hi Paul,
On Donnerstag, 26. Februar 2015, Paul Wise wrote:
> I noticed the description fields are truncated, is that intentional?
that's all that is stored in the db...
> What about making the structure like this?
why? :)
> I'm guessing the code only
> produces one instance of each package.
yes
> {
> "package1": {...},
> "package2": {...},
> }
>
> > I haven't tested the output against a json validator yet... so feedback
> > welcome and I do expect some more work to do...
>
> Not a helpful error but the Python json loader tracebacks, try:
> >>> import json
> >>> with open('json') as f: data = json.load(f)
thanks, will give it a try later. (Currently waiting for more feedback before
touching the code again...)
> > - should the output include description fields if the value is "null"?
> > - should the output include nodsa fields if the value is "null"?
> > - should the output include remote fields if the value is "null"?
> Probably not.
ack
> > - for the releases with issue status != "resolved", should the version be
> > ommitted? (as its rather meaningless then... also the repositories fields
> > also contain those versions. (and those should be kept IMO)
> Hmm, I wouldn't have thought there would be a version present for
> unfixed issues? The raw data in the CVE list certainly doesn't have
> version numbers for unfixed issues.
the tracker shows them all the time, eg on
https://security-tracker.debian.org/tracker/CVE-2013-2131
> I'm thinking omit such versions.
/me too
cheers,
Holger
Attachment:
signature.asc
Description: This is a digitally signed message part.