Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 218312

Summary: glsa-check should respect "count" attribute in revised
Product: Portage Development Reporter: Robert Buchholz (RETIRED) <rbu>
Component: ToolsAssignee: Portage Tools Team <tools-portage>
Status: RESOLVED FIXED    
Severity: normal CC: gentoo-bugs, neysx, security
Priority: High Keywords: InVCS
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 196681, 237964, 268001    
Attachments: glsa_separate_count.diff
glsa_separate_count.diff

Description Robert Buchholz (RETIRED) gentoo-dev 2008-04-18 19:25:43 UTC 
Security will edit all existing GLSAs to respect the date format as defined by the DTD. This will replace all dates in the form of "January 2, 2008" by "2008-01-02". For revision counts, the "count" attribute of "revised" will be used.

An example to illustrate the change:
--- glsa-200401-03.xml  30 Dec 2007 03:55:42 -0000      1.2
+++ glsa-200401-03.xml  18 Apr 2008 19:23:04 -0000
@@ -10,8 +10,8 @@
     malformed query string was sent.
   </synopsis>
   <product type="ebuild">mod_python</product>
-  <announced>January 27, 2004</announced>
-  <revised>December 30, 2007: 02</revised>
+  <announced>2004-01-27</announced>
+  <revised count="02">2007-12-30</revised>
   <bug>39154</bug>
   <access>remote</access>
   <affected>

It should be Portage maintainer's decision which date format glsa-check should display. However, revision count parsing should be changed.
Comment 1 michael@smith-li.com 2008-04-21 00:31:11 UTC 
Created attachment 150469 [details, diff]
glsa_separate_count.diff

I can't seem to figure out how glsa-check uses the count. Line 485 of glsa.py is the only time glsa-check actually touches the revised element afaict.

The attached diff is incomplete, but I didn't want to go forward until I really understood the problem -- What it *should* do (untested) is separate the count from the revised /date/ regardless of the format. Currently it does nothing with the count.

Did you want something like this?
Comment 2 Robert Buchholz (RETIRED) gentoo-dev 2008-04-21 10:40:43 UTC 
The count should probably be displayed behind the date as before ("outstream.write("Last revised on:   %s\n\n" % self.revised)")

The case "# No count found, not sure how to handle..." should assume count = 01.
Comment 3 michael@smith-li.com 2008-04-22 01:38:38 UTC 
Created attachment 150552 [details, diff]
glsa_separate_count.diff

OK. No guarantees that this code is exactly right, but it should be very close...
Comment 4 Allen Brooker (AllenJB) 2008-12-31 18:16:14 UTC 
What's the current status of this issue? What's holding it up?

There's a bunch of improvements for the Gentoo websites being held up by this from the looks of the dep graph.
Comment 5 Xavier Neys (RETIRED) gentoo-dev 2008-12-31 20:06:40 UTC 
(In reply to comment #4)
> What's the current status of this issue? What's holding it up?
> 
> There's a bunch of improvements for the Gentoo websites being held up by this
> from the looks of the dep graph.

Not if you care to read the comments on the bugs along this graph.
Dependency must remain so that the xsl can be simplified and cleaned up once the security team has managed to solve their part.
Comment 6 Paul Varner (RETIRED) gentoo-dev 2009-05-18 22:12:37 UTC 
gentoolkit-0.2.4.4 and gentoolkit-0.3.0_rc6 released.