doc/manual: document _CPE_ID_VALID
The way we handle the CPE_ID variables is unusual compared to the other variables: we mostly compute defaults for all of them, and eventually aggregate the various CPE_ID variables to form the CPE ID name.

However, we do not consider that CPE ID to be valid, unless there is one (or more) CPE_ID variables actually set by the package; this shows that the CPE ID has been checked to be valid against the NVD CPE database. In that situation, we internally define the duly undocumented _CPE_ID_VALID variable.

However, it is totally possible (and very often the case) that the default values we set for those variables are appropriate, and do define a valid CPE ID. In this case, the package will define any arbitrary CPE_ID variable to its default value, usually by setting either the VENDOR or PRODUCT field, though there is no rule or requirement that be the case.

This is not very clean, non-obvious, and does not allow for easily adding checks in check-package.

Add the _CPE_ID_VALID variable to the manual, to make it official that it should be used when the default values of the others are valid.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
parent 949c1a51b7
commit ddf66867b1
@ -516,6 +516,10 @@ LIBFOO_IGNORE_CVES += CVE-2020-54321
|
||||
identifier]. The available variables are:
|
||||
+
|
||||
--
|
||||
** +LIBFOO_CPE_ID_VALID+, if set to +YES+, specifies that the default
|
||||
values for each of the following variables is appropriate, and
|
||||
generates a valid CPE ID.
|
||||
|
||||
** +LIBFOO_CPE_ID_PREFIX+, specifies the prefix of the CPE identifier,
|
||||
i.e the first three fields. When not defined, the default value is
|
||||
+cpe:2.3:a+.
|
||||
|
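Review bot: the new +LIBFOO_CPE_ID_VALID+ entry does not say what setting it asserts or what happens when it is left unset. Per the commit message, a CPE ID is only considered valid once it "has been checked to be valid against the NVD CPE database", so the entry should tell packagers to verify the default-generated CPE ID against that database before setting +YES+, and should state that a package which sets none of the CPE_ID variables is not considered to have a valid CPE ID. A grammar nit in the same entry: "values ... is appropriate" should be "are appropriate", and "generates" should be "generate" to agree with "values".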