Code review comment for ~litios/ubuntu-cve-tracker:oval-for-pkgs

Eduardo Barretto (ebarretto) wrote :

Thanks for returning the PackageCache to generate-oval!
For others to understand, we discussed that we don't want this in oval_lib as we are expecting to at one point not have this cache generation inside OVAL generation, and for it to be its own script running separately, much like we do not generate USN database or LSN database during OVAL generation, but instead we just fetch the latest databases.

Known missing things in this PR:
1. In the <advisory> we don't have any reference to CVEs/USNs, this will come later in a next PR where we will add a <cve> field with CVSS score, and that will be added for all OVAL types.

2. For now we are using source_map to get package description, at one point we want to have this inside the package cache file.

Overall it looks good to me, I haven't had the time to test the code locally, but I did review the Package based OVAL you generated and we are going in the right direction. I believe we should add some tests in $UCT/test/, as we currently only have tests for USN OVAL. We should also do it for CVE OVAL.

I did notice a small difference in indentation when comparing your sample data and our CVE and USN data, we should work on getting all in the same style, so we can provide a more consistent diff. We can discuss more about it in another PR.

review: Approve
