[David Kalnischkies]
> That's another use case of package name matching: "look at how debian
> describes the 'same' package compared to fedora."

I've been testing one approach to this the last few days, using the Common Platform Enumeration (CPE) dictionary, <URL: http://cpe.mitre.org/ >. I use it to look up CVEs for the locally maintained software here at the university, but CPEs could also be used to compare the package sets between distributions.

RHEL has their own CVE -> CPE information available from <URL: https://www.redhat.com/security/data/metrics/rhsamapcpe.txt >. Perhaps Fedora has something similar?

If all distributions registered their packages with CPE info, it would be trivial to map packages between distributions, and also a lot easier to track security issues in packages. :)

My dream would be for every package to have its CPE ID in the package, perhaps in debian/control using "Xs-CPE: <id>" or similar, to allow cross-distro mapping of packages and make the security teams' work easier. :)

I've started on a package map from Debian source package to CPE ID in the testing security team svn, data/CPE/list. I now have 815 entries in the list.

Happy hacking,
--
Petter Reinholdtsen
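
Added example, not part of the original message and not code from the Debian security team: a sketch of the cross-distribution mapping described above, joining two package-to-CPE maps on the CPE vendor and product fields. The `package;cpe-uri` line format, the function names and the sample entries are assumptions constructed for illustration; the actual layout of data/CPE/list is not shown in the message.

```python
from urllib.parse import unquote

def cpe_key(cpe_uri):
    """Return (part, vendor, product) from a CPE 2.2 URI, dropping version and later fields."""
    if not cpe_uri.startswith("cpe:/"):
        raise ValueError(f"not a CPE 2.2 URI: {cpe_uri!r}")
    fields = cpe_uri[len("cpe:/"):].split(":")
    if len(fields) < 3 or not all(fields[:3]):
        raise ValueError(f"CPE lacks part, vendor or product: {cpe_uri!r}")
    # CPE 2.2 URIs are case-insensitive and may percent-encode characters.
    return tuple(unquote(f).lower() for f in fields[:3])

def load_map(text):
    """Parse 'package;cpe-uri' lines (assumed format) into {cpe_key: {packages}}."""
    result = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        pkg, _, cpe = line.partition(";")
        result.setdefault(cpe_key(cpe.strip()), set()).add(pkg.strip())
    return result

def match_packages(map_a, map_b):
    """Pair up packages from two distributions that share a CPE vendor:product."""
    return {key: (sorted(map_a[key]), sorted(map_b[key]))
            for key in map_a.keys() & map_b.keys()}

# Constructed sample data, not taken from any real distribution list.
DEBIAN_SAMPLE = """\
# source package;CPE
apache2;cpe:/a:apache:http_server
iceweasel;cpe:/a:mozilla:firefox
openssl;cpe:/a:openssl:openssl
"""
OTHER_SAMPLE = """\
httpd;cpe:/a:Apache:http_server:2.2.15
firefox;cpe:/a:mozilla:firefox
bash;cpe:/a:gnu:bash
"""

if __name__ == "__main__":
    pairs = match_packages(load_map(DEBIAN_SAMPLE), load_map(OTHER_SAMPLE))
    for key, (deb, other) in sorted(pairs.items()):
        print(":".join(key), deb, "<->", other)
```

Matching on vendor and product only, with the version stripped, is what lets differently named packages (apache2 and httpd here) line up; the same key can then be used to look up CVEs that reference that CPE.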