Package: src:libarchive Version: 3.2.1-1 Severity: wishlist Tags: patch Hi. I've been working for a while on a system to make it easier to track security issues in Debian by mapping packages to the CPE IDs used to identify affected packages for individual CVEs. Would you be willing to add the relevant CPE IDs to the source package using the following patch?
diff --git a/debian/upstream/metadata b/debian/upstream/metadata --- /dev/null +++ b/debian/upstream/metadata @@ -0,0 +1 @@ +CPE: cpe:/a:freebsd:libarchive cpe:/a:libarchive:libarchive The first one was the first CPE associated with libarchive I am aware of (from 2006), and the second is the more recent one. -- Happy hacking Petter Reinholdtsen