Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Re-design Package to Vulnerability model relationships #1068

Closed
pombredanne opened this issue Jan 6, 2023 · 3 comments
Closed

Re-design Package to Vulnerability model relationships #1068

pombredanne opened this issue Jan 6, 2023 · 3 comments
Assignees
@TG1999
Labels
2-next Core models Priority: high
Milestone
v35.0.0 - 2-next

Comments

@pombredanne
Copy link
Member

The current models is that a Package is related to Vulnerability through a generic PackageRelatedVulnerability relationship with a fix attribute

This approach is problematic and not obvious. It makes queries more complex and slower.

We should instead evolve the models towards separate AffectedPackages and FixingPackage or something along these lines to be designed.

See these related issues:
@Hritik14
Copy link
Collaborator

Hritik14 commented Jan 7, 2023

@pombredanne

It makes queries more complex

We could possibly avoid that by some abstraction as proposed in #595

and slower

Slower than ... ?

@TG1999 TG1999 added this to the v33.0.0 milestone Jan 13, 2023
@Hritik14
Copy link
Collaborator

As per discussion during call:

A fix is more complex than just a package. It can be much more than that. Fixes can come in terms of fix commits, individual patches etc
@pombredanne

@TG1999 TG1999 self-assigned this Jan 17, 2023
@Hritik14 Hritik14 mentioned this issue Feb 7, 2023
Open
@TG1999 TG1999 removed this from the v33.0.0 milestone Aug 15, 2023
@pombredanne pombredanne changed the title Improve Package to Vulnerability models Re-design Package to Vulnerability model relationships Jan 11, 2024
@pombredanne pombredanne mentioned this issue Jan 11, 2024
Open
@TG1999 TG1999 modified the milestones: v34.0.0, v35.0.0 Jan 30, 2024
@pombredanne pombredanne mentioned this issue Aug 13, 2024
Closed
@TG1999
Copy link
Contributor

TG1999 commented Nov 26, 2024
edited by pombredanne
Loading

@pombredanne I am closing this issue, since we have 2 models for storing PackageVulnerability relationship. Feel free to re-open if needed, This has been merged with:

@TG1999 TG1999 closed this as completed Nov 26, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@TG1999 TG1999

Labels
2-next Core models Priority: high
Projects
04-VulnerableCode Data Quality and next
Status: Validated
Milestone
v35.0.0 - 2-next
Development

No branches or pull requests
3 participants
@pombredanne @Hritik14 @TG1999