[AppStream] Adding CVE information to <releases>
Richard Hughes
hughsient at gmail.com
Mon Sep 16 11:25:54 UTC 2019
On Mon, 16 Sep 2019 at 12:09, Matthias Klumpp <matthias at tenstral.net> wrote:
> LVFS parses metainfo files directly, neat! Another reason to keep the
> format stable (although it doesn't seem to support the "artifact"
> group yet, unless I looked at it wrong).
Indeed, no artifact yet. I guess I can add that additionally to the
old format without breaking anything. One for a rainy day perhaps!
> I think I can still add this to the AppStream 0.12.9 release.
> Are you okay with the following assumptions?:
> * If no "type" property is given, and issue type of "generic" is
> assumed, and the "url" property as well as a tag value are mandatory
That sounds good.
> * For CVEs, the "url" property is optional, and the type must be set to "cve"
Agree.
> Now I wonder whether libappstream needs an AsIssue class for this...
Yes, I think it does :)
Richard.
More information about the AppStream
mailing list