From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <guix-patches-bounces+larch=yhetil.org@gnu.org>
Received: from mp2.migadu.com ([2001:41d0:303:e16b::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by ms13.migadu.com with LMTPS
	id QNVSECDYf2eIUgAAe85BDQ:P1
	(envelope-from <guix-patches-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Thu, 09 Jan 2025 14:07:28 +0000
Received: from aspmx1.migadu.com ([2001:41d0:303:e16b::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by mp2.migadu.com with LMTPS
	id QNVSECDYf2eIUgAAe85BDQ
	(envelope-from <guix-patches-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Thu, 09 Jan 2025 15:07:28 +0100
X-Envelope-To: larch@yhetil.org
Authentication-Results: aspmx1.migadu.com;
	dkim=fail ("headers rsa verify failed") header.d=debbugs.gnu.org header.s=debbugs-gnu-org header.b=Gcer+cJy;
	dkim=fail ("headers rsa verify failed") header.d=ngraves.fr header.s=ovhmo4487190-selector1 header.b=aPMeTlj4;
	spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org";
	dmarc=pass (policy=none) header.from=gnu.org
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org;
	s=key1; t=1736431648;
	h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:resent-cc:
	 resent-from:resent-sender:resent-message-id:in-reply-to:in-reply-to:
	 references:references:list-id:list-help:list-unsubscribe:
	 list-subscribe:list-post:dkim-signature;
	bh=eUrFs4e7olCCa0MEEFvT8kIRrlIsXcTqOnQwhyHhND8=;
	b=WPgxSEpdUOZf2sjIsX5EDAeqAr3rrEg19lExJhAHxSDof56McctWTE0BHtQwvBmS+nwV1r
	qAnXUonvLKAgxGNosJlpnzQGc6Vzx5hCKL2z7cmLsMLwkjtiv5zk6YSewYTSPpMdA0tVLO
	Z4BC9oPULR2oDDfXn9uPS+HwnzR2vTCqTQrx/K7xEtBT5AgYVigKesjmHK+oEBhQePIIRA
	+XPHaZ3SIehM9Ch1P8Vqg2ivJ4ivGbt1eeqVSv7H820yma5mFSJAKhXJrRqgOmSwFU235V
	b1rXZ2XfKVsVwSbFu0FMV9fngAIq+y/4ItGo0F54C8Xz/VJiyJtWZIAVm/S9dw==
ARC-Authentication-Results: i=1;
	aspmx1.migadu.com;
	dkim=fail ("headers rsa verify failed") header.d=debbugs.gnu.org header.s=debbugs-gnu-org header.b=Gcer+cJy;
	dkim=fail ("headers rsa verify failed") header.d=ngraves.fr header.s=ovhmo4487190-selector1 header.b=aPMeTlj4;
	spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org";
	dmarc=pass (policy=none) header.from=gnu.org
ARC-Seal: i=1; s=key1; d=yhetil.org; t=1736431648; a=rsa-sha256; cv=none;
	b=jznDEf395wj51AAkqnUY6lua+7tk4Ge+s98qBUsAv8qsG3tgVqgeBk/2DsliiVERPwph+i
	V6bKk9ToSHYofvdpNk158cnX8A2rcscOIR99U8jz3nRQ1wW/q1ZX/c/rli5aYjFwzEwflF
	PzSbOnEfHelXxRl+tmKFNmXo0p7bT1PMxwOFydF2GyGhsqRrhbEgZDvKXrprbhDpw/Z6vb
	HWl9+9QDZ4nv+IE2rER/zrNrxn95ZnVQhsIKm2c003pn/bgGL6AvM2cufrCUiH28sK4GyA
	To6MNj+mHKAlRzpxIEkQzs2kMxoklg/KTqs2qLdVk2yyn+waC8e402eKQ9DtwQ==
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by aspmx1.migadu.com (Postfix) with ESMTPS id D6A1E25EF
	for <larch@yhetil.org>; Thu, 09 Jan 2025 15:07:27 +0100 (CET)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <guix-patches-bounces@gnu.org>)
	id 1tVtBi-0004zl-7k; Thu, 09 Jan 2025 09:07:07 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1tVtBg-0004zM-BL
 for guix-patches@gnu.org; Thu, 09 Jan 2025 09:07:04 -0500
Received: from debbugs.gnu.org ([2001:470:142:5::43])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1tVtBg-0008DM-1C
 for guix-patches@gnu.org; Thu, 09 Jan 2025 09:07:04 -0500
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
 d=debbugs.gnu.org; s=debbugs-gnu-org; 
 h=MIME-Version:Date:References:In-Reply-To:From:To:Subject;
 bh=eUrFs4e7olCCa0MEEFvT8kIRrlIsXcTqOnQwhyHhND8=; 
 b=Gcer+cJyFHJR7djMTfTdUHUyf8U+Y35eXoh37A2Ci/peoesmHlHKXAVny5y312tvViSRrC5RThQKWnPQLVGV2uaHmRvciXNSotZRiDF7ntyOVcq57GzxdbeU0AZwN+hKqZUn7UrCpAbwgpiufT4FcLFIYdUu7hbDavGEUzawwaO8GxJIR8LQTQiHQCL2kFgYLFZVOebcJqDRmScHd84mKsaXmuLmlwSuN+NqWr5DMXekbsFFKjPUW5m/J32Kq1njNtMeZpVB51hMNCI//bO3Mdnk/HB1b7fudti74xRzBVTD/qcKdQOclhNVmGcjSNOF7W6i7JNvnYrW5cIyz0ZucA==;
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1tVtBe-0001Qu-KT
 for guix-patches@gnu.org; Thu, 09 Jan 2025 09:07:02 -0500
X-Loop: help-debbugs@gnu.org
Subject: [bug#74034] [PATCH v6 01/16] cve: Add cpe-vendor and
 lint-hidden-cpe-vendors properties.
Resent-From: Nicolas Graves <ngraves@ngraves.fr>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: guix-patches@gnu.org
Resent-Date: Thu, 09 Jan 2025 14:07:02 +0000
Resent-Message-ID: <handler.74034.B74034.17364315795425@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 74034
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@gnu.org>
Cc: 74034@debbugs.gnu.org
Received: via spool by 74034-submit@debbugs.gnu.org id=B74034.17364315795425
 (code B ref 74034); Thu, 09 Jan 2025 14:07:02 +0000
Received: (at 74034) by debbugs.gnu.org; 9 Jan 2025 14:06:19 +0000
Received: from localhost ([127.0.0.1]:51228 helo=debbugs.gnu.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
 id 1tVtAw-0001PQ-SC
 for submit@debbugs.gnu.org; Thu, 09 Jan 2025 09:06:19 -0500
Received: from 3.mo561.mail-out.ovh.net ([46.105.44.175]:37727)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.84_2) (envelope-from <ngraves@ngraves.fr>)
 id 1tVtAt-0001PD-A0
 for 74034@debbugs.gnu.org; Thu, 09 Jan 2025 09:06:17 -0500
Received: from director10.ghost.mail-out.ovh.net (unknown [10.109.139.176])
 by mo561.mail-out.ovh.net (Postfix) with ESMTP id 4YTRQs0hXyz1Sgl
 for <74034@debbugs.gnu.org>; Thu,  9 Jan 2025 14:06:12 +0000 (UTC)
Received: from ghost-submission-5b5ff79f4f-78lv2 (unknown [10.111.174.161])
 by director10.ghost.mail-out.ovh.net (Postfix) with ESMTPS id 90D0B1FE96;
 Thu,  9 Jan 2025 14:06:12 +0000 (UTC)
Received: from ngraves.fr ([37.59.142.100])
 by ghost-submission-5b5ff79f4f-78lv2 with ESMTPSA
 id 4hFxBdTXf2euEAAA3Ab6HQ
 (envelope-from <ngraves@ngraves.fr>); Thu, 09 Jan 2025 14:06:12 +0000
X-OVh-ClientIp: 90.92.117.144
In-Reply-To: <87ldvkp07m.fsf@gnu.org>
References: <20241026222934.25890-1-ngraves@ngraves.fr>
 <20241124201638.10098-1-ngraves@ngraves.fr> <87iks62oga.fsf@gnu.org>
 <87ser9m1j1.fsf@ngraves.fr> <8734ia16kg.fsf@gnu.org>
 <871pxcp7ss.fsf@ngraves.fr> <87ldvkp07m.fsf@gnu.org>
Date: Thu, 09 Jan 2025 15:06:11 +0100
Message-ID: <877c74nkto.fsf@ngraves.fr>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Ovh-Tracer-Id: 15552055417287074557
X-VR-SPAMSTATE: OK
X-VR-SPAMSCORE: -100
X-VR-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgeefuddrudegiedgheejucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecuqfggjfdpvefjgfevmfevgfenuceurghilhhouhhtmecuhedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmnecujfgurhephffvvefujghffffkgggtgfesthhqredttddtjeenucfhrhhomheppfhitgholhgrshcuifhrrghvvghsuceonhhgrhgrvhgvshesnhhgrhgrvhgvshdrfhhrqeenucggtffrrghtthgvrhhnpeffudelkeejveetleeuffejfefftefhhfffuedtteethfelueelveffjedvffdtffenucfkphepuddvjedrtddrtddruddpledtrdelvddruddujedrudeggedpfeejrdehledrudegvddruddttdenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepihhnvghtpeduvdejrddtrddtrddupdhmrghilhhfrhhomhepnhhgrhgrvhgvshesnhhgrhgrvhgvshdrfhhrpdhnsggprhgtphhtthhopedupdhrtghpthhtohepjeegtdefgeesuggvsggsuhhgshdrghhnuhdrohhrghdpoffvtefjohhsthepmhhoheeiudgmpdhmohguvgepshhmthhpohhuth
DKIM-Signature: a=rsa-sha256; bh=eUrFs4e7olCCa0MEEFvT8kIRrlIsXcTqOnQwhyHhND8=; 
 c=relaxed/relaxed; d=ngraves.fr; h=From;
 s=ovhmo4487190-selector1; t=1736431573; v=1;
 b=aPMeTlj4YkGKBv3BvJHOv/W1RMXVWL06GRoff2ug5zDyN1mUPQlpjGSZRkv1skvSQQrfT5aR
 Q28vv+NJj/lloeNRJBMaGbs4G7ypFahRP68zp+jUghxcrQkLTRkf7v81TBVWZqLaNHpRQHYoDlp
 jPf21vQALmpWzjrLtzRsH1so9yv90siAZW2HOQ7ce/FW2az68+VPJVjNf/kKouCEiC1KJSheVlT
 8nxZgfv0GywrHS/50nCpBd6gkk8wyoeEb14+2ahtqFzV/LBBJltGjDRhQdGMCC5RAQJ14m2X2Z6
 bwMMBt4SkBL2anJ+723t0rZfVWO97XfFU8WMzX1WJizIg==
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-BeenThere: guix-patches@gnu.org
List-Id: <guix-patches.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-patches>,
 <mailto:guix-patches-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/guix-patches>
List-Post: <mailto:guix-patches@gnu.org>
List-Help: <mailto:guix-patches-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-patches>,
 <mailto:guix-patches-request@gnu.org?subject=subscribe>
Reply-to:  Nicolas Graves <ngraves@ngraves.fr>
X-ACL-Warn: ,  Nicolas Graves via Guix-patches <guix-patches@gnu.org>
From:  Nicolas Graves via Guix-patches via <guix-patches@gnu.org>
Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org
Sender: guix-patches-bounces+larch=yhetil.org@gnu.org
X-Migadu-Country: US
X-Migadu-Flow: FLOW_IN
X-Migadu-Queue-Id: D6A1E25EF
X-Migadu-Scanner: mx13.migadu.com
X-Migadu-Spam-Score: 0.54
X-Spam-Score: 0.54
X-TUID: D2muLTFygTFN

On 2025-01-09 14:48, Ludovic Court=C3=A8s wrote:

> Hi,
>
>>
>> Is that actually necessary ?  Since the vulnerability-packages field is
>> an sexp, vulnerability->sexp would be the same for v1 and v2.
>>
>> Seems like the place to handle this is rather the second match in the
>> vulnerabilities->lookup-proc procedure, that should have a second case
>> match (the previous one from version history most probably) that is
>> accounting for the v1.
>>
>> WDYT?
>
> What I=E2=80=99m suggesting here is a pattern commonly used in Guix where:
>
>   1. There=E2=80=99s only one in-memory representation.
>
>   2. There may be several on-disk representations, but we convert them
>      once for all when reading them.
>
> You can find this pattern in manifests, for instance with
> =E2=80=98sexp->manifest=E2=80=99.
>
> That=E2=80=99s why I=E2=80=99m suggesting that =E2=80=98vulnerability->se=
xp=E2=80=99 converts to the
> right in-memory representation when it=E2=80=99s reading a v1 sexp.
>
> Does that make sense?

So convert v1-sexp to v2-sexp before passing it further?  The issue is
that we don't necessarily have the vendor in v1 to be able to convert it
to v2.  There are some cases where there's no vendor (don't remember if
it's #f or 'none or something else), I can put that value by default.=20

--=20
Best regards,
Nicolas Graves