
[FLORA-61] Start the data model for security advisories

Open tchoutri opened this issue 1 year ago • 3 comments

Proposed changes

This PR introduces the initial data model for security advisories.

The database components are as follows:

  • security_advisories, which encodes most of the metadata, and to which affected packages refer
  • affected_packages represent the packages affected by an advisory, pointing to the advisory. Affected packages have one or multiple affected version ranges associated.
  • affected_version_ranges represent a link between an affected package, and the releases where the vulnerability is introduced and fixed.

Linked

  • https://github.com/haskell/security-advisories/pull/241

Contributor checklist

  • [x] My PR is related to #554
  • [x] I have read and understood the CONTRIBUTING guide
  • [x] I have inserted my change and a link to this PR in the CHANGELOG
  • [ ] I have updated documentation in ./docs/docs if a public feature has a behaviour change

tchoutri avatar Oct 11 '24 22:10 tchoutri
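The three-table relationship described in the PR, as an added example that is not part of the PR or of flora-server's code: only the table names come from the description, while every column name, the `releases` stand-in table, the SQLite backend, the helper names and the sample rows are assumptions constructed for illustration.

```python
import sqlite3

# Hypothetical schema: only the three advisory table names come from the PR text.
SCHEMA = """
CREATE TABLE releases (release_id INTEGER PRIMARY KEY, package TEXT, version TEXT);
CREATE TABLE security_advisories (
  advisory_id INTEGER PRIMARY KEY, identifier TEXT UNIQUE, summary TEXT);
CREATE TABLE affected_packages (
  affected_package_id INTEGER PRIMARY KEY,
  advisory_id INTEGER NOT NULL REFERENCES security_advisories(advisory_id),
  package TEXT NOT NULL);
CREATE TABLE affected_version_ranges (
  affected_package_id INTEGER NOT NULL REFERENCES affected_packages(affected_package_id),
  introduced_release_id INTEGER NOT NULL REFERENCES releases(release_id),
  fixed_release_id INTEGER REFERENCES releases(release_id));  -- NULL = no fix released
"""

def build_db():
    """In-memory database filled with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO releases VALUES (?, 'example-pkg', ?)",
                   [(1, "1.0.0"), (2, "1.2.0"), (3, "2.0.0")])
    db.execute("INSERT INTO security_advisories VALUES (1, 'EXAMPLE-0001', 'constructed')")
    db.execute("INSERT INTO affected_packages VALUES (1, 1, 'example-pkg')")
    # One affected package, two ranges: [1.0.0, 1.2.0) and [2.0.0, unfixed)
    db.executemany("INSERT INTO affected_version_ranges VALUES (1, ?, ?)",
                   [(1, 2), (3, None)])
    return db

def vkey(version):
    """Order dotted numeric versions component by component."""
    return tuple(int(part) for part in version.split("."))

def advisories_for(db, package, version):
    """Advisory identifiers whose ranges cover the given package version."""
    rows = db.execute("""
        SELECT a.identifier, i.version, f.version
        FROM affected_packages p
        JOIN security_advisories a ON a.advisory_id = p.advisory_id
        JOIN affected_version_ranges r ON r.affected_package_id = p.affected_package_id
        JOIN releases i ON i.release_id = r.introduced_release_id
        LEFT JOIN releases f ON f.release_id = r.fixed_release_id
        WHERE p.package = ?""", (package,)).fetchall()
    v = vkey(version)
    return sorted({ident for ident, intro, fixed in rows
                   if vkey(intro) <= v and (fixed is None or v < vkey(fixed))})
```

The `LEFT JOIN` on the fixed release is what keeps a range with no fix open-ended, so versions after the introducing release stay flagged until a fixing release is recorded.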

@MangoIV The standalone syntax for NFData does not work if the type does not implement Generic

tchoutri avatar Oct 13 '24 14:10 tchoutri

> if the type does not implement Generic

I mistook that for granted.

MangoIV avatar Oct 14 '24 18:10 MangoIV

@tristanCacqueray @blackheaven @frasertweedale Please let me know what you think of this. For the moment I'm filing advisories of the GHC components (haddock included) in the ghc package.

tchoutri avatar Oct 17 '24 22:10 tchoutri

@MangoIV yes, the propagation of the information is the next PR, I just wanted to focus on the data model here. :)

tchoutri avatar Nov 08 '24 21:11 tchoutri