Subject: Re: VuXML and pkgsrc
To: Adrian Portelli <firstname.lastname@example.org>
From: Daniel Carosone <email@example.com>
Date: 05/04/2004 21:17:25
Content-Type: text/plain; charset=us-ascii

On Tue, May 04, 2004 at 10:25:48AM +0100, Adrian Portelli wrote:
> Some other *BSD's have started using VuXML (http://www.vuxml.org/) for
> their ports/packages related security issues.
> "VuXML is the Vulnerability and eXposure Markup Language, an XML
> application for documenting security issues in a software package
> collection such as the FreeBSD Ports Collection or OpenBSD Ports &
> Packages Collection"
> Is it worth looking at this for NetBSD pkgsrc issues?

I like XML, as a general rule, but for what use would VuXML be valuable:

 - does it add anything important to the current format for the
   pkg-vulnerabilities list? I guess possibly not, without checking

 - is it something we should write a separate tool, to import other
   projects' XML files and look for vulnerabilities? (and perhaps
   likewise publish in turn)

The best benefit for XML in the general case is "I don't have to write
a parser", which is fine as far as it goes, but the present format is
parsed by existing tools easily anyway.

If it offers us, as pkgsrc developers, easier maintenance and faster
notification of problems with 3rd party code, that's of value and
I'll take a look at VuXML separately as s-o, because I've been wanting
something more structured as a source format for project Security