[New Product] Roku

[nabber00]

No description provided.

[captn3m0]

This page needs a rework because it is unclear if the page is documenting Roku OS, or Roku Devices. I think it should be the latter. Apple devices have a similar problem, and we track /ios separate from /iphone.

In this page, the biggest problem is the latest column, which is supposed to denote the "latest release in that release cycle". Since a release cycle is a hardware line, it doesn't make sense and we shouldn't be documenting it. Putting an OS version is incorrect here. The page should also clarify that we're tracking devices and not the OS.

We can however still document the HighestRokuOSVersion via a custom column perhaps (see https://endoflife.date/fairphone for eg).

My understanding is that Roku OS 15 is the only supported OS, and any device not receiving a 15 upgrade is effectively EOL. That is what needs to be visible at the page. The policy text should also clarify the same.

We can also perhaps switch to just using the alphanumeric codes for the releasecycles, since they are quite unique, and use releaseLabels for the brand text.

And finally, the page ought to cover the last 2 generation of devices to be the most helpful - otherwise it is an unreliable stub for most users.

[captn3m0]

Since https://nvd.nist.gov/vuln/detail/CVE-2018-11314 links to the firmware CPE.

Suggested change

	- cpe: cpe:2.3:h:roku:roku_tv
	- cpe: cpe:2.3:h:roku:roku_tv
	- cpe: cpe:2.3:h:roku:roku_firmware

[nabber00]

Thanks I made those updates, except wanted to get the format figured out before doing device full population. Once its "stable" I can do that. Also there are lots of CPEs floating around for Roku devices depending on which CVE you look at. I added the full list at: https://www.cvedetails.com/product-list/product_type-h/vendor_id-19030/firstchar-/Hardwares.html

[nabber00]

It looks like the linter does not like the '\+' symbol in CPE names:

/home/runner/work/endoflife.date/endoflife.date/_plugins/identifier-to-url.rb:29:in 'IdentifierToUrl#render': Invalid CPE: should match either (?-mix:^[c][pP][eE]:\/[AHOaho]?(:[A-Za-z0-9\._\-~%]*){0,6}$) for CPE 2.2 or (?-mix:^[c][pP][eE]:2\.3:[AHOaho]?(:[A-Za-z0-9\._\-~%]*){0,6}$) for CPE 2.3 (RuntimeError)

But this appears to be valid for cpe:2.3:h:roku:streaming_stick_4k\+

See https://nvd.nist.gov/products/cpe/detail/0C2AEF16-DA25-4BE5-91A0-A4D77CBCA0B3?namingFormat=2.3&orderBy=CPEURI&keyword=cpe%3A2.3%3Ah%3Aroku%3Astreaming_stick_4k%5C%2B%3A-%3A*%3A*%3A*%3A*%3A*%3A*%3A*&status=FINAL%2CDEPRECATED

Updated as code block to show backslashes correctly.