1 |
Sebastian Pipping wrote: |
2 |
> Petteri Räty wrote: |
3 |
>> Sebastian Pipping wrote: |
4 |
>>> To count into the same bucket we use global identifiers for the |
5 |
>>> "products" that fall out of a package. Gentoo package "dev-util/git" |
6 |
>>> can produce product "cpe://a:git:git", Debian's "git-core" can, too. |
7 |
>>> That string before is a CPE URI [1], a concept close to package naming |
8 |
>>> in Java. This "intermediate language" allows us to relate package names |
9 |
>>> from distro X with those of distro Y and answer various questions from |
10 |
>>> that data. |
11 |
>>> |
12 |
>>> To do such mapping we need code (or a "service") that does the mapping |
13 |
>>> for us and base of collected data that the service can operate on. Both |
14 |
>>> of these is project "PackageMap" |
15 |
>> Instead of manually populating a database wouldn't it make more sense to |
16 |
>> parse this information from package metadata.xml? |
17 |
> |
18 |
> Which information exactly? Please elaborate on that. |
19 |
> |
20 |
> Sebastian |
21 |
> |
22 |
|
23 |
I mean making metadata.xml the authoritative source for mapping CPE to |
24 |
Gentoo packages. I don't want to see the situation when adding new |
25 |
packages to the tree would need some mapping being done in an external |
26 |
web service. We should of course try to provide as much automation as |
27 |
possible for creating the value for metadata.xml. |
28 |
|
29 |
Regards, |
30 |
Petteri |