Code review comment for ~alexmurray/ubuntu-cve-tracker:package-db-json-validation

The package-db.json is meant to mimic the old boilerplate files (but all in one file).

So if we previously had a

00boilerplate.mysql and symlinks 00boilerplate.mysql-8.0 etc that pointed back to 00boilerplate.mysql then the new package-db.json has a top-level entry "mysql" with aliases "mysql-8.0" etc.

Then every Patches_mysql-8.0: etc within the old 00boilerplate.mysql would end up in the "pkgs" entry.

The idea of aliases is then to allow us to specify other names for a given package - and each package should only have one top-level entry in the package-db.json. So an alias is another name for the current entry - so it should be invalid to have an alias "beta" as well as a top-level package-db entry called "beta".

As such I'll look at adding some validation for that too :)