Code review comment for ~sbeattie/ubuntu-cve-tracker/+git/ubuntu-cve-tracker:check-cves_ignore_cache

Revision history for this message
Steve Beattie (sbeattie) wrote :

On Wed, May 18, 2022 at 01:11:48AM -0000, Alex Murray wrote:
> Would it be possible to also add this in the "experimental" mode as well?

I'm open to the idea, but I'm not sure how. In interactive mode,
whatever reason you give to ignore a cve is added to the cache (limited
to 5 entries), and the next time you attempt to ignore a CVE, it shows
you the last five you entered.

Since the experimental mode is non-interactive and thus all proposed
interactions are pre-computed, I'm not sure how to do something similar.

Now, there are some ways we could improve both interactive and
non-interactive, given that we have a gigantic saved history of entries
from people in the not-for-us.txt file.

For interactive mode, I'd like to make full use of readline's
capabilities with possibly two history files[1], one for ignored reasons,
and one for packages entered, so that similar to bash and other
shells, you could search through history for an appropriate entry
(and also to make interactive editing better).

There's probably more processing we could do for the non-interactive

[1] unfortunately, libreadline only supports one global history per
    process, so when switching between adding a CVE and ignoring a CVE
    or vice versa, we'd need to flush the history and reload the saved
    history from the other save file.

Steve Beattie
<email address hidden>

« Back to merge proposal