[Silvio Cesare] > Do you think such a list could be useful to Debian? A possible use > would be that a user could identify an equivalent package knowing > only Fedora's package name.
I've been looking into a similar task the last few days, to try to track security issues in multiple distributions and locally maintained software. The Common Platform Enumeration dictionary, <URL: http://nvd.nist.gov/cpe.cfm >, provide a common vocabulary for packages, and it would be very useful if Debian would provide the CPE entry for each of the packages in the archive. The CPE dictionary contain IDs for packages (applications), operating systems and hardware, and allow these IDs to be used to look up CVEs. If such IDs were provided the packages in for linux distributions, it would be trivial to find equivalent packages. The package/application IDs look like this, for a few of the packages in the Debian archive. cpe:/a:bash:bash:4.1 cpe:/a:gnu:gzip:1.3.12 cpe:/a:apache:subversion:1.6.12 cpe:/a:apache:http_server:2.2.16 The IDs can also be used without version numbers. It would be great if you or someone else could provide a mapping from distribution packages to CPE entries. :) Happy hacking, -- Petter Reinholdtsen -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/2flaaip46qu....@login2.uio.no
