Bug#908678: Testing the filter-branch scripts

To: Daniel Lange <DLange@debian.org>, 908678@bugs.debian.org
Cc: Guido Günther <agx@sigxcpu.org>, Bastian Blank <waldi@debian.org>
Subject: Bug#908678: Testing the filter-branch scripts
From: Antoine Beaupré <anarcat@debian.org>
Date: Tue, 13 Nov 2018 10:56:24 -0500
Message-id: <[🔎] 87lg5xnf87.fsf@curie.anarc.at>
Reply-to: Antoine Beaupré <anarcat@debian.org>, 908678@bugs.debian.org
In-reply-to: <[🔎] 87ftw68b2l.fsf@curie.anarc.at>
References: <20180912131055.srfkzw5nefmcoqnh@shell.thinkmo.de> <48a81bd6-3e71-50b1-0c59-c94fbbd58a94@debian.org> <[🔎] 87y3a2hshp.fsf@curie.anarc.at> <[🔎] 87sh09j1gs.fsf@curie.anarc.at> <[🔎] 0441f349-c363-b0f3-4731-f237399c864e@debian.org> <[🔎] 87ftw68b2l.fsf@curie.anarc.at> <20180912131055.srfkzw5nefmcoqnh@shell.thinkmo.de>

On 2018-11-12 12:22:58, Antoine Beaupré wrote:
> I'll start a run on the whole history to see if I can find any problems,
> as soon as a first clone finishes resolving those damn deltas. ;)

The Python job finished successfully here after 10 hours.

I did some tests on the new git repository. Cloning the repository from
scratch takes around 2 minutes (the original repo: 21 minutes). It is
145MB while the original repo is 1.6GB.

Running git annotate on data/CVE/list.2018 takes about 26 seconds, while
it takes basically forever to annotate the original data/CVE/list. (It's
been running for 10 minutes here already.)

So that's about it. I have not done a thorough job at checking the
actual *integrity* of the results. It's difficult, considering CVE
identifiers are not sequential in the data/CVE/list file, so a naive
diff like this will fail:

$ diff -u <(cat ../security-tracker-full-test-filtered-bis/data/CVE/list.{2019,2018,2017,2016,2015,2014,2013,2012,2011,2010,2009,2008,2007,2006,2005,2004,2003,2002,2001,2000,1999} ) data/CVE/list | diffstat
 list |106562 +++++++++++++++++++++++++++++++++----------------------------------
 1 file changed, 53281 insertions(+), 53281 deletions(-)

But at least the numbers add up: it looks like no line is lost. And
indeed, it looks like all CVEs add up:

$ diff -u <(cat ../security-tracker-full-test-filtered-bis/data/CVE/list.{2019,2018,2017,2016,2015,2014,2013,2012,2011,2010,2009,2008,2007,2006,2005,2004,2003,2002,2001,2000,1999} | grep ^CVE | sort -n ) <( grep ^CVE data/CVE/list | sort -n  ) | diffstat
 0 files changed

A cursory look at the diff seems to indicate it is clean, however.

I looked at splitting that file per CVE. That did not scale and just
created new problems. But splitting by *year* seems like a very
efficient switch, and I think it would be worth pursuing that idea
forward.

A.

-- 
There is no cloud, it's just someone else's computer.
                       - Chris Watterson

Reply to:

Follow-Ups:
- Bug#908678: Testing the filter-branch scripts
  - From: Daniel Lange <DLange@debian.org>

References:
- Bug#908678: Some more thoughts and some tests on the security-tracker git repo
  - From: Antoine Beaupré <anarcat@debian.org>
- Bug#908678: Some more thoughts and some tests on the security-tracker git repo
  - From: Antoine Beaupré <anarcat@debian.org>
- Bug#908678: Testing the filter-branch scripts
  - From: Daniel Lange <DLange@debian.org>
- Bug#908678: Testing the filter-branch scripts
  - From: Antoine Beaupré <anarcat@debian.org>

Prev by Date: DSA candidates
Next by Date: Bug#908678: Testing the filter-branch scripts
Previous by thread: Bug#908678: Testing the filter-branch scripts
Next by thread: Bug#908678: Testing the filter-branch scripts
Index(es):
- Date
- Thread