| Summary: | GLSA dtd: ambiguous description between product and affected-element | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | alexander.seith |
| Component: | GLSA Errors | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | minor | ||
| Priority: | High | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
Fixed now, allow a few minutes to propagate. |
It seems like the description in the comments of the GLSA DTD between the product and the affected-element do not match: [snip] <!-- Element: product Description: Defines what type of security announcement this is. Valid types are: - ebuild A Portage-provided ebuild has a security issue - informational This GLSA is purely informational, no Gentoo system is affected - infrastructure The security issue involves the Gentoo infrastructure The text contains one keyword that defines the issue. Example: <product type="ebuild">openssl</product> Example: <product type="infrastructure">rsync mirror</product> --> <!ELEMENT product (#PCDATA)> <!ATTLIST product type (ebuild|infrastructure|informational) #REQUIRED> [snip] <!-- Element: affected Description: Describe what the affected subjects are. If product@type = 'build', the child elements are 'package' If product@type = 'portage', the child elements are 'package' If product@type = 'infrastructure', the child elements are 'service' --> [snip] In the former description it is said that the product type can be either "ebuild", "informational" or "infrastructure". However, in the latter description, types are "build" (missing "e"?), "portage" and "infrastructure". Regards Alex Reproducible: Always