Code review comment for ubuntu-cve-tracker:lp2052658

On Thu, Feb 08, 2024 at 12:56:58AM -0000, Alex Murray wrote:
> Review: Approve
>
> I agree on the p/parent typo - not sure on the implications of removing
> the other section but I agree we need to fix this issue so let's go
> with it and we'll find out if it causes any other issues as we go.

I tested active_edit with the package referenced in the comment,
openjdk, along with one of its actual packages, openjdk-8, in the
following situations:

  ./scripts/active_edit -p openjdk -c CVE-1999-123456
  ./scripts/active_edit -p openjdk-8 -c CVE-1999-123456
  ./scripts/active_edit -p openjdk-8 -p openjdk -c CVE-1999-123456
  ./scripts/active_edit -p openjdk -p openjdk-8 -c CVE-1999-123456

(deleting the created file in between each test) both before and after
Marc's commit and could not get any of them to generate an entry for an
'openjdk' source package or duplicate 'openjdk-8' entries.

(An invocation of active_edit on a boilerplate package for an existing
CVE will create duplicate package entries for everything, but this
commit doesn't change that behavior).

So I don't know what the comment on the dropped code snippet was
referring to, but I'm not seeing an issue from it being dropped.
I looked through the commits that dropped the old boilerplate style
to see if it was lifted from anything there, but didn't see anything
really related other than a comment making sure that package stanzas
in boilerplates that were all DNE didn't get added to the created
CVE file, allowing us to have openjdk and gnutls boilerplates that
covered all the versioned source packages. But it looks like the
current code handles this okay.

[For future-Steve reference, since I can never find where the old-style
 00boilerplate code got dropped, the merge commit is 7120fd2d1ee
 ("Merge branch 'noboilerplates-3'") and all the implementation
 commits can be reached from that.]

--
Steve Beattie
<email address hidden>