pkgsrc-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: ANN: Availability of pkg(8)-capable pkgsrc

On 11/12/2016 14:03, Sevan / Venture37 wrote:
Certainly speaking for myself here but there is no way I'm looking to
hand edit XML after sifting through advisories to fish out relevant
information. If the result of a simple three column file ends up into
a XML monstrosity through some automated means, I wouldn't have any
issue, but there's no way I'm adding VuXML entries directly. Perhaps a
better project would be to work on publishing the conversion tool to
save humanity and prevent any further hand editing on VuXML.

Well, that's exactly what is happening. A cron job is converting the (extremely sparse) netbsd vulnerabilities file and converting it to xml. It's not human created.

That being said, comparing the 2 systems is hardly fair. It's a rickshaw compared to a spacecraft. If VuXML is demonstrably superior then it shouldn't be rejected because of XML. (aside: I've still never understood the kick-reflex all XML is bad).

That being said #2: The fact that freebsd does generate XML by hand (validating it before publishing) is crazy. There is no reason this can't be in a proper database and generated by a script. That's what FreeBSD should be doing.

The website generation feature is a convenient feature of the system
at the cost of duplication of content, manually performed by the
person adding entries. Time is precious!

hmm? it's not duplication. pkg(8) provides the URL. It should point to something. I spent like 10 hours on getting this all set up, I wouldn't have done that for kicks.


P.S. To stress what pkgsrc doesn't provide:
1) It doesn't provide a SUMMARY
2) The title is generic. Between 1 and 2, a user doesn't know anything without checking the reference
3) No discovery date
4) No entry date
5) No modification date
6) affected package ranges are inaccurate due to early regex use

FreeBSD's version allows the entries to be queried by:
- packages
- VIDs
- "topics"
- CVE's
- entry dates
- discovery dates
- modification dates

It could/should offer a search function but doesn't.

This email has been checked for viruses by Avast antivirus software.

Home | Main Index | Thread Index | Old Index