Re: ANN: Availability of pkg(8)-capable pkgsrc

To: Sevan / Venture37 <venture37%gmail.com@localhost>, marino%netbsd.org@localhost
Subject: Re: ANN: Availability of pkg(8)-capable pkgsrc
From: John Marino <netbsd%marino.st@localhost>
Date: Sat, 12 Nov 2016 14:16:22 -0600

On 11/12/2016 14:03, Sevan / Venture37 wrote:

Certainly speaking for myself here but there is no way I'm looking to
hand edit XML after sifting through advisories to fish out relevant
information. If the result of a simple three column file ends up into
a XML monstrosity through some automated means, I wouldn't have any
issue, but there's no way I'm adding VuXML entries directly. Perhaps a
better project would be to work on publishing the conversion tool to
save humanity and prevent any further hand editing on VuXML.

Well, that's exactly what is happening. A cron job is converting the(extremely sparse) netbsd vulnerabilities file and converting it to xml.It's not human created.

That being said, comparing the 2 systems is hardly fair. It's arickshaw compared to a spacecraft. If VuXML is demonstrably superiorthen it shouldn't be rejected because of XML. (aside: I've still neverunderstood the kick-reflex all XML is bad).

That being said #2: The fact that freebsd does generate XML by hand(validating it before publishing) is crazy. There is no reason thiscan't be in a proper database and generated by a script. That's whatFreeBSD should be doing.

The website generation feature is a convenient feature of the system
at the cost of duplication of content, manually performed by the
person adding entries. Time is precious!

hmm? it's not duplication. pkg(8) provides the URL. It should point tosomething. I spent like 10 hours on getting this all set up, I wouldn'thave done that for kicks.


John

P.S. To stress what pkgsrc doesn't provide:
1) It doesn't provide a SUMMARY

2) The title is generic. Between 1 and 2, a user doesn't know anythingwithout checking the reference

3) No discovery date
4) No entry date
5) No modification date
6) affected package ranges are inaccurate due to early regex use

FreeBSD's version allows the entries to be queried by:
- packages
- VIDs
- "topics"
- CVE's
- entry dates
- discovery dates
- modification dates

It could/should offer a search function but doesn't.



---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus

Follow-Ups:
- Re: ANN: Availability of pkg(8)-capable pkgsrc
  - From: Sevan / Venture37

References:
- ANN: Availability of pkg(8)-capable pkgsrc
  - From: John Marino
- Re: ANN: Availability of pkg(8)-capable pkgsrc
  - From: Sevan / Venture37

Prev by Date: Re: ANN: Availability of pkg(8)-capable pkgsrc
Next by Date: Re: ANN: Availability of pkg(8)-capable pkgsrc
Previous by Thread: Re: ANN: Availability of pkg(8)-capable pkgsrc
Next by Thread: Re: ANN: Availability of pkg(8)-capable pkgsrc
Indexes:

Home | Main Index | Thread Index | Old Index