[Oval-devel] Data from WML files

Javier Fernández-Sanguino Peña jfs at computer.org
Tue Jun 12 20:10:28 UTC 2007 

On Tue, Jun 12, 2007 at 06:52:09PM +0400, Pavel Vinogradov wrote:
>  Where the best place for <moreinfo> data from wml file?

I think the best place is in the description field, as you say. Please don't
think that you will be able to automate fully definitions. Most probably,
some human would have to take a look at the OVAL definition output and fixit
somewhat.

> I extract it and put in <description> field of <metadata> section. I think
> it will usefull in oval server - as additional information about dsa.

True, this information is very useful in the server side. 

>  But it include html tags <p> and <a href>. Do we need them in oval server
> os i can simply remove them?

DSA's wml data typically are made of:

a) a description of the vulnerability (first paragraphs)

b) a description of which package versions fix the vulnerability. This is
  complementary to the data available in the .data files, as the .data files
  only hold information for the stable release and this section contains
  information relative to the unstable / oldstable releases too.
  It usually has the form "For the XX distribution this problem has been
  fixed in XXXX" 
  
  In older DSAs this text was different, but it seems that it has been the
  norm from 2003 onwards. Try 
  ' egrep "For the .* this problem has been" *wml'
  (the older instance seems to be DSA 211)

c) a standard "We recommend you upgrade" text (not present in all DSAs)

> <p> - is simply formating here, when <a href> may contain links for
> important information.

I think you should include a, try to skip b), and avoid c) completely (if
present). As for href tags (as well as other HTML tags), I suggest you try to
omit it and (maybe) add it in the future (include it as a TODO)


Regards

Javier
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/oval-devel/attachments/20070612/2ae38806/attachment.pgp

More information about the Oval-devel mailing list