Open pombredanne opened 1 year ago
@pombredanne

> It makes queries more complex

We could possibly avoid that by some abstraction as proposed in https://github.com/nexB/vulnerablecode/issues/595

> and slower

Slower than ... ?
As per discussion during call:
A fix is more complex than just a package. It can be much more than that. Fixes can come in terms of fix commits, individual patches, etc. @pombredanne
The current model is that a Package is related to a Vulnerability through a generic PackageRelatedVulnerability relationship with a fix attribute:
https://github.com/nexB/vulnerablecode/blob/40a39743f385bd5b6dfa3424bc72231fe1ae7456/vulnerabilities/models.py#L491
https://github.com/nexB/vulnerablecode/blob/40a39743f385bd5b6dfa3424bc72231fe1ae7456/vulnerabilities/models.py#L584
https://github.com/nexB/vulnerablecode/blob/40a39743f385bd5b6dfa3424bc72231fe1ae7456/vulnerabilities/models.py#L614
This approach is problematic and not obvious. It makes queries more complex and slower.
We should instead evolve the models towards separate AffectedPackages and FixingPackage or something along these lines to be designed.
See these related issues: #715, #966, #727, #595
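To make the trade-off in the proposal concrete, here is an added sketch (not vulnerablecode code, and plain SQLite rather than the project's Django models) of the two shapes being discussed: one generic relation carrying a `fix` flag versus separate affected and fixing relations. Table and column names, the purls and the `VCID-EXAMPLE` identifier are constructed for the example; the point it shows is that with the generic relation every query has to remember the flag, and a query that forgets it reports an affected version as a fix.

```python
import sqlite3

# Constructed sample data, not from the vulnerablecode database: foo@1.0 is
# affected by one vulnerability and foo@1.1 fixes it. VCID-EXAMPLE is a placeholder.
PACKAGES = [(1, "pkg:pypi/foo@1.0"), (2, "pkg:pypi/foo@1.1")]
VULNS = [(1, "VCID-EXAMPLE")]

BASE_DDL = """
CREATE TABLE package (id INTEGER PRIMARY KEY, purl TEXT NOT NULL);
CREATE TABLE vulnerability (id INTEGER PRIMARY KEY, vulnerability_id TEXT NOT NULL);
"""

def build_current_schema():
    """Current shape: one generic join table, a `fix` flag tells affected from fixing rows."""
    con = sqlite3.connect(":memory:")
    con.executescript(BASE_DDL + """
    CREATE TABLE package_related_vulnerability (
        package_id INTEGER REFERENCES package(id),
        vulnerability_id INTEGER REFERENCES vulnerability(id),
        fix INTEGER NOT NULL DEFAULT 0);""")
    con.executemany("INSERT INTO package VALUES (?, ?)", PACKAGES)
    con.executemany("INSERT INTO vulnerability VALUES (?, ?)", VULNS)
    con.executemany("INSERT INTO package_related_vulnerability VALUES (?, ?, ?)",
                    [(1, 1, 0), (2, 1, 1)])  # foo@1.0 affected, foo@1.1 fixes
    return con

def build_split_schema():
    """Proposed shape: two explicit relations, so there is no flag to remember."""
    con = sqlite3.connect(":memory:")
    con.executescript(BASE_DDL + """
    CREATE TABLE affected_package (package_id INTEGER, vulnerability_id INTEGER);
    CREATE TABLE fixing_package (package_id INTEGER, vulnerability_id INTEGER);""")
    con.executemany("INSERT INTO package VALUES (?, ?)", PACKAGES)
    con.executemany("INSERT INTO vulnerability VALUES (?, ?)", VULNS)
    con.execute("INSERT INTO affected_package VALUES (1, 1)")
    con.execute("INSERT INTO fixing_package VALUES (2, 1)")
    return con

def fixing_purls_current(con, vcid, filter_on_fix=True):
    """Generic table: the `AND prv.fix = 1` clause is the only thing separating
    fixes from affected versions; drop it and foo@1.0 is reported as a fix."""
    sql = """SELECT p.purl FROM package p
             JOIN package_related_vulnerability prv ON prv.package_id = p.id
             JOIN vulnerability v ON v.id = prv.vulnerability_id
             WHERE v.vulnerability_id = ?"""
    if filter_on_fix:
        sql += " AND prv.fix = 1"
    return sorted(r[0] for r in con.execute(sql, (vcid,)))

def fixing_purls_split(con, vcid):
    """Dedicated relation: the table name alone states the intent of the query."""
    sql = """SELECT p.purl FROM package p
             JOIN fixing_package fp ON fp.package_id = p.id
             JOIN vulnerability v ON v.id = fp.vulnerability_id
             WHERE v.vulnerability_id = ?"""
    return sorted(r[0] for r in con.execute(sql, (vcid,)))
```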