On Mon, 17 May 2021 at 09:58, Serkan Özkan <ser...@vulniq.com> wrote:
> Hello, > In theory, from version number numbering point of view only, yes less than > 0.0 is valid. But in practice, as they are used in Debian OVAL definitions, > I don't think they are. I think these state values might be incorrect, > probably unintentionally. And there are many, thousands, of these less than > 0.0 versions, I don't think they are actually intended to test for pre > version 0 releases. > Dear Serkan, There is a problem with the OVAL definitions published in the website. The definitions are generated from the information available (in webwml files) in the source code of the website but this is missing version information in a way that can be properly interpreted by the scripts. As a consequence, the output (the definitions) does not include an accurate value for the version. To implement this properly we would need to re-engineer the script that was created in 2010. Help here would be appreciated, I can point you to the script + setup if you could help. Hope above clarifies. Best regards, Javier
