01/03: doc: Update documentation of guix lint

guix-commits

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

01/03: doc: Update documentation of guix lint

From:	Ludovic Court�s
Subject:	01/03: doc: Update documentation of guix lint
Date:	Mon, 14 May 2018 17:02:20 -0400 (EDT)

civodul pushed a commit to branch master
in repository guix.

commit 5ac7bf56d0b20d505b747425c5d17f2cc33d9302
Author: Björn Höfling <address@hidden>
Date:   Sun May 13 01:40:00 2018 +0200

    doc: Update documentation of guix lint
    
    * doc/guix.texi (Invoking guix lint): Add cpe-version to example.
    (Invoking guix lint): Add example for lint-hidden-cve.
    
    Co-authored-by: Ludovic Courtès <address@hidden>
---
 doc/guix.texi | 24 +++++++++++++++++++++---
 1 file changed, 21 insertions(+), 3 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 637c9c3f..a771ab7 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -6835,15 +6835,33 @@ where @code{CVE-YYYY-ABCD} is the CVE identifier---e.g.,
 
 Package developers can specify in package recipes the
 @uref{https://nvd.nist.gov/cpe.cfm,Common Platform Enumeration (CPE)}
-name and version of the package when they differ from the name that Guix
-uses, as in this example:
+name and version of the package when they differ from the name or version
+that Guix uses, as in this example:
 
 @example
 (package
   (name "grub")
   ;; @dots{}
   ;; CPE calls this package "grub2".
-  (properties '((cpe-name . "grub2"))))
+  (properties '((cpe-name . "grub2")
+                (cpe-version . "2.3")))
address@hidden example
+
address@hidden See <http://www.openwall.com/lists/oss-security/2017/03/15/3>.
+Some entries in the CVE database do not specify which version of a
+package they apply to, and would thus ``stick around'' forever.  Package
+developers who found CVE alerts and verified they can be ignored can
+declare them as in this example:
+
address@hidden
+(package
+  (name "t1lib")
+  ;; @dots{}
+  ;; These CVEs no longer apply and can be safely ignored.
+  (properties `((lint-hidden-cve . ("CVE-2011-0433"
+                                    "CVE-2011-1553"
+                                    "CVE-2011-1554"
+                                    "CVE-2011-5244")))))
 @end example
 
 @item formatting

[Prev in Thread]

Current Thread

[Next in Thread]

branch master updated (3203440 -> 91e5885), Ludovic Court�s, 2018/05/14
- 02/03: gnu: opencv: Ignore CVEs., Ludovic Court�s, 2018/05/14
- 01/03: doc: Update documentation of guix lint, Ludovic Court�s <=
- 03/03: pack: Link top-level entries of wrapped packages., Ludovic Court�s, 2018/05/14

Prev by Date: 02/03: gnu: opencv: Ignore CVEs.
Next by Date: 03/03: pack: Link top-level entries of wrapped packages.
Previous by thread: 02/03: gnu: opencv: Ignore CVEs.
Next by thread: 03/03: pack: Link top-level entries of wrapped packages.
Index(es):
- Date
- Thread