|
Lines 31-53
Link Here
|
| 31 |
|
31 |
|
| 32 |
<!-- |
32 |
<!-- |
| 33 |
Element: product |
33 |
Element: product |
| 34 |
Description: Defines what type of security announcement this is. |
34 |
Description: Human-readable keyword defining what product is affected. |
| 35 |
|
35 |
|
| 36 |
Attribute: @type: Describes the type of this GLSA, valid values are: |
36 |
Example: <product>openssl</product> |
| 37 |
- ebuild A Portage-provided ebuild has a security |
|
|
| 38 |
issue |
| 39 |
- informational This GLSA is purely informational, no Gentoo |
| 40 |
system is affected |
| 41 |
- infrastructure The security issue involves the Gentoo |
| 42 |
infrastructure |
| 43 |
|
| 44 |
The text contains one keyword that defines the issue. |
| 45 |
|
| 46 |
Example: <product type="ebuild">openssl</product> |
| 47 |
Example: <product type="infrastructure">rsync mirror</product> |
| 48 |
--> |
37 |
--> |
| 49 |
<!ELEMENT product (#PCDATA)> |
38 |
<!ELEMENT product (#PCDATA)> |
| 50 |
<!ATTLIST product type (ebuild|infrastructure|informational) #REQUIRED> |
|
|
| 51 |
|
39 |
|
| 52 |
<!-- |
40 |
<!-- |
| 53 |
Element: announced |
41 |
Element: announced |
|
Lines 89-103
Link Here
|
| 89 |
|
77 |
|
| 90 |
<!-- |
78 |
<!-- |
| 91 |
Element: affected |
79 |
Element: affected |
| 92 |
Description: Describe what the affected subjects are. |
80 |
Description: Describe what the affected packages are. |
| 93 |
|
|
|
| 94 |
If product@type = 'ebuild', the child elements are 'package' |
| 95 |
If product@type = 'infrastructure', the child elements are |
| 96 |
'service' |
| 97 |
If product@type = 'informational', this has no child elements |
| 98 |
|
| 99 |
--> |
81 |
--> |
| 100 |
<!ELEMENT affected (package*|service*)> |
82 |
<!ELEMENT affected package*> |
| 101 |
|
83 |
|
| 102 |
<!-- |
84 |
<!-- |
| 103 |
Element: package |
85 |
Element: package |
|
Lines 166-193
Link Here
|
| 166 |
slot CDATA "*"> |
148 |
slot CDATA "*"> |
| 167 |
|
149 |
|
| 168 |
<!-- |
150 |
<!-- |
| 169 |
Element: service |
|
|
| 170 |
Description: Provide information about the Gentoo services that are |
| 171 |
affected by the security advisory. Portage must be able |
| 172 |
to parse this information to make decisions (for instance, |
| 173 |
ignore an rsync server or a certain distfiles mirror). |
| 174 |
|
| 175 |
Attribute: @type: |
| 176 |
The type attribute can be one of "rsync", "web", "mirror". |
| 177 |
|
| 178 |
Attribute: @fixed: |
| 179 |
The fixed attribute (denoting if the problem has been solved) |
| 180 |
can be one of "yes" or "no". If not used, the default value is |
| 181 |
"no". |
| 182 |
|
| 183 |
Occurrence: The service element can occur 0, 1 or more times |
| 184 |
Example: <service type="rsync">rsync://rsync.someserver.tld/gentoo-portage</service> |
| 185 |
--> |
| 186 |
<!ELEMENT service (#PCDATA)> |
| 187 |
<!ATTLIST service type (rsync|web|mirror) #REQUIRED |
| 188 |
fixed (yes|no) #IMPLIED> |
| 189 |
|
| 190 |
<!-- |
| 191 |
Element: uri |
151 |
Element: uri |
| 192 |
Description: Link to the organisation involved in releasing the advisory |
152 |
Description: Link to the organisation involved in releasing the advisory |
| 193 |
Attribute: @link: The reference to be used for this link. |
153 |
Attribute: @link: The reference to be used for this link. |
| 194 |
- |
|
|
