Ubuntu CVE Tracker

Code review comment for ~ebarretto/ubuntu-cve-tracker:usn-oval-improvement

Revision history for this message

Eduardo Barretto (ebarretto) wrote on 2021-11-22:

On Thu, Nov 18, 2021 at 10:56:52PM -0000, Alex Murray wrote:
> Thanks - one small comment on the new function for cve_lib - also I wonder about the name "Regular Release" - should this perhaps be "Standard Release" or "Interim Release" (I am not sure if we have a proper name to refer to the non-LTS releases but I am not sure "Regular" is the right word here) - perhaps just "Standard Support Release"?

I'm not a big fan on the Regular Release name, but I actually got it from: https://wiki.ubuntu.com/Releases
"Regular releases are supported for 9 months."

Depending on what we want to name it, we might need to revisit our external communications.

>
> Diff comments:
>
> > diff --git a/scripts/cve_lib.py b/scripts/cve_lib.py
> > index fd714cf..6e63d0a 100755
> > --- a/scripts/cve_lib.py
> > +++ b/scripts/cve_lib.py
> > @@ -374,6 +413,17 @@ def release_alias(rel):
> > pass
> > return alias
> >
> > +def get_subproject_description(rel):
> > + """Return the description for a given release."""
> > + _, _, _, details = get_subproject_details(rel)
> > + if details:
> > + try:
> > + description = details["description"]
> > + except KeyError:
> > + print("Subproject does not have a descrition.", file=sys.stderr)
> > + return description
>
> description will be unbound if the details does not contain one - also we don't usually print errors in cve_lib from what I recall... should this return an empty string perhaps if none is found? Or 'None'?
>

I can either do a 'pass' or raise the Exception, we actually have a bit of everything in cve_lib,
including printing.
Maybe 'pass' is enough as it won't stop execution. Just let me know what you think is best and
I will adjust accordingly :)

> > +
> > +
> > def get_external_subproject_cve_dir(subproject):
> > """Get the directory where CVE files are stored for the subproject.
> >
>
>
> --
> https://code.launchpad.net/~ebarretto/ubuntu-cve-tracker/+git/ubuntu-cve-tracker/+merge/411027
> You are the owner of ~ebarretto/ubuntu-cve-tracker:usn-oval-improvement.
>

I'm not a big fan on the Regular Release name, but I actually got it from: https://wiki.ubuntu.com/Releases
"Regular releases are supported for 9 months."

Depending on what we want to name it, we might need to revisit our external communications.

> 
> Diff comments:
> 
> > diff --git a/scripts/cve_lib.py b/scripts/cve_lib.py
> > index fd714cf..6e63d0a 100755
> > --- a/scripts/cve_lib.py
> > +++ b/scripts/cve_lib.py
> > @@ -374,6 +413,17 @@ def release_alias(rel):
> >              pass
> >      return alias
> >  
> > +def get_subproject_description(rel):
> > +    """Return the description for a given release."""
> > +    _, _, _, details = get_subproject_details(rel)
> > +    if details:
> > +        try:
> > +            description = details["description"]
> > +        except KeyError:
> > +            print("Subproject does not have a descrition.", file=sys.stderr)
> > +    return description
> 
> description will be unbound if the details does not contain one - also we don't usually print errors in cve_lib from what I recall... should this return an empty string perhaps if none is found? Or 'None'?
>

> > +
> > +
> >  def get_external_subproject_cve_dir(subproject):
> >      """Get the directory where CVE files are stored for the subproject.
> >  
> 
> 
> -- 
> https://code.launchpad.net/~ebarretto/ubuntu-cve-tracker/+git/ubuntu-cve-tracker/+merge/411027
> You are the owner of ~ebarretto/ubuntu-cve-tracker:usn-oval-improvement.
>

« Back to merge proposal