On Wed, 7 May 2014 11:53:30 -0500
Dennis Gilmore <den...@ausil.us> wrote:
> > Not sure if this is bz worthy or just something to mention on a mail
> > list. I was doing some experimenting on creating SWID tags out of
> > the rpm database and noticed some inconsistencies. For example:
> > 
> > # rpm -q --queryformat '%{DISTRIBUTION}\n' bash
> > Fedora Project
> > # rpm -q --queryformat '%{DISTRIBUTION}\n' xbmc
> > Fedora 20
> > 
> > Seems that rpmfusion has it right and the main Fedora build system
> > is misconfigured.
>
> rpmfusion has it wrong, they should be using rpmfusion.  koji sets the
> distribution tag for everything that is built in the buildsys to be
> the same. For Fedora that is "Fedora Project" as that is who is
> building and distributing the rpms

OK, maybe I am approaching this from the wrong direction. What I need
to identify in the rpm database is the following:

1) product title - this would be the rpm package name
2) product version - again version from rpm
3) software creator - was thinking this was URL
4) software licensor - was thinking this was VENDOR
5) component_of - was thinking that this was DISTRIBUTION

It doesn't seem right to have 4 & 5 say Fedora Project. In a sense it's
true. But I was wanting the component_of to say Fedora 20 or 19 so that
the tag contents better identify an OS component to match reality. If
we have the same version of a package on F19 & F20, the way it is now,
all identification will be the same but the file hashes will be
different because of timestamps, compiler options, different
definitions of macros & inline functions, etc. Hope this clarifies
things a bit.

Thanks,
-Steve
-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct