The pattern issue needs to be corrected immediately. The current
> -----Original Message-----
> From: Buttner, Drew [mailto:
[hidden email]]
> Sent: Tuesday, October 30, 2007 2:59 PM
> To:
[hidden email]
> Subject: Re: [CPE-DISCUSSION-LIST] CPE Dictionary XSD
>
> I will add this to the list of changes to push out with the
> next version. One note, I would think the schema version
> should mirror the spec version to remove confusion. agree?
> If so, we can just add new chars to the pattern as new chars
> are added to the part component. The more specific we make
> the schema, the better job of validation it will do.
>
> Thanks!
> Drew
>
> >-----Original Message-----
> >From: Neal Ziring [mailto:
[hidden email]]
> >Sent: Tuesday, October 30, 2007 2:10 PM
> >To: cpe-discussion-list CPE Community Forum
> >Subject: Re: [CPE-DISCUSSION-LIST] CPE Dictionary XSD
> >
> >Harold,
> >
> >Good catch! There are a couple of other minor issues there too, so
> >we'll need to make sure to fix them before the next version
> of the doc
> >is published.
> >
> >Drew - I think the pattern needs to be
> >
> >
> >cpe:/([a-z](:[A-Za-z0-9\._\-~]*(:[A-Za-z0-9\._\-~]*(:[A-Za-z0-9
> >\._\.\-~]*(:[A-Za-z0-9\._\-~]*(:[A-Za-z0-9\._\-~]*(:[A-Za-z0-9\
> >._\-~]*)?)?)?)?)?)?)?
> >
> >so that we don't need to change the schema every time we
> come up with a
> >new object type.
> >
> >...nz (Neal Ziring,
[hidden email],
http://users.erols.com/ziring/)
> >
> >
> >On Monday, October 29, 2007, at 10:37AM, "Harold Booth"
> ><
[hidden email]> wrote:
> >>I am a new developer on the NVD project at NIST and while
> >trying to use the schema file provided at:
> >>
http://cpe.mitre.org/files/cpe-dictionary_2.0.xsd> >>
> >>To validate the CPE Dictionary available at
> >
http://nvd.nist.gov/download/cpe-dictionary-2.0.xml> ><
http://nvd.nist.gov/download/cpe-dictionary-2.0.xmlcpe-diction> >ary> I encountered a couple of issues with the schema file.
> >The first issue was with the import namespace command. The schema
> >location only specified xml.xsd. While this works fine if
> you know to
> >download the correct xml.xsd I believe the full path should be
> >specified to point out to users where to obtain
> >the correct schema file. Initially I naively downloaded the
> >xsd located at
http://www.w3.org/XML/1998/namespace, but
> this document
> >had been superseded by the schema at
http://www.w3.org/2001/xml.xsd.
> >>
> >>The second issue is with the "namePattern" specified as:
> >>cpe:/([aho](:[A-Za-z0-9\._\-~]*(:[A-Za-z0-9\._\-~]*(:[A-Za-z0-
> >9\._\.\-~]*(:[A-Za-z0-9\._\-~]*)?)?)?)?)?
> >>The CPE 2.0 specification specifies the following as a valid name:
> >>cpe:/ {part} : {vendor} : {product} : {version} : {update} :
> >{edition} : {language}
> >>It looks like the name is missing matches for edition and
> >language. So I changed the name match to:
> >>cpe:/([aho](:[A-Za-z0-9\._\-~]*(:[A-Za-z0-9\._\-~]*(:[A-Za-z0-
> >9\._\.\-~]*(:[A-Za-z0-9\._\-~]*(:[A-Za-z0-9\._\-~]*(:[A-Za-z0-9
> >\._\-~]*)?)?)?)?)?)?)?.
> >>
> >>Attached to this message is an updated version of the shema
> >file that I was able to use to correctly validate the
> dictionary file.
> >>
> >>Regards,
> >>Harold Booth
> >>
> >
>
cpe-dictionary_2.0.xsd (10K) 
