
Re: Equivalent packages between Linux distributions



[Silvio Cesare]
> Do you think such a list could be useful to Debian? A possible use
> would be that a user could identify an equivalent package knowing
> only Fedora's package name.

I've been looking into a similar task the last few days, to try to
track security issues in multiple distributions and locally maintained
software.

The Common Platform Enumeration dictionary,
<URL: http://nvd.nist.gov/cpe.cfm >, provides a common vocabulary for
packages, and it would be very useful if Debian would provide the CPE
entry for each of the packages in the archive.

The CPE dictionary contains IDs for packages (applications), operating
systems and hardware, and allows these IDs to be used to look up CVEs.
If such IDs were provided for the packages in Linux distributions, it
would be trivial to find equivalent packages.

The package/application IDs look like this, for a few of the packages
in the Debian archive.

  cpe:/a:bash:bash:4.1
  cpe:/a:gnu:gzip:1.3.12
  cpe:/a:apache:subversion:1.6.12
  cpe:/a:apache:http_server:2.2.16

The IDs can also be used without version numbers.

It would be great if you or someone else could provide a mapping from
distribution packages to CPE entries. :)

Happy hacking,
-- 
Petter Reinholdtsen
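
The lookups the message describes, as an added example that is not part of the original post or of any Debian tooling: a parser for the `cpe:/part:vendor:product:version:...` URI form shown above, a version-blind comparison that pairs packages across two distributions, and a match of CVE-listed CPEs against an installed set. The Debian and Fedora package tables and the version numbers in them are constructed sample data, not the real mapping the post asks for.

```python
"""Parse CPE 2.2 URIs and use them to pair up equivalent packages across
distributions and to match CVE entries against installed packages.

Added example, not code from the mailing-list post.  The package tables
below are constructed sample data (assumption); the Fedora package names
and all version numbers are illustrative only.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional
from urllib.parse import quote, unquote

# Component order of a CPE 2.2 URI after the "cpe:/" prefix.
_FIELDS = ("part", "vendor", "product", "version", "update", "edition", "language")


@dataclass(frozen=True)
class Cpe:
    part: str            # 'a' application, 'o' operating system, 'h' hardware
    vendor: str
    product: str
    version: Optional[str] = None
    update: Optional[str] = None
    edition: Optional[str] = None
    language: Optional[str] = None

    @classmethod
    def parse(cls, uri: str) -> "Cpe":
        """Parse 'cpe:/a:gnu:gzip:1.3.12' into its components."""
        if not uri.startswith("cpe:/"):
            raise ValueError(f"not a CPE 2.2 URI: {uri!r}")
        comps = uri[len("cpe:/"):].split(":")
        if len(comps) < 3 or len(comps) > len(_FIELDS):
            raise ValueError(f"wrong number of components: {uri!r}")
        if comps[0] not in ("a", "o", "h"):
            raise ValueError(f"bad part {comps[0]!r} in {uri!r}")
        # An empty component means "unspecified"; others are percent-decoded.
        values = [unquote(c) if c else None for c in comps]
        if values[1] is None or values[2] is None:
            raise ValueError(f"vendor and product are required: {uri!r}")
        return cls(*values)

    def name(self) -> "Cpe":
        """The ID without version information (usable 'without version numbers')."""
        return Cpe(self.part, self.vendor, self.product)

    def __str__(self) -> str:
        comps = [getattr(self, f) for f in _FIELDS]
        while comps and comps[-1] is None:       # drop unspecified trailing fields
            comps.pop()
        return "cpe:/" + ":".join(quote(c or "", safe="") for c in comps)


# Constructed package -> CPE tables (assumption, not the real Debian/Fedora data).
DEBIAN: Dict[str, str] = {
    "bash": "cpe:/a:bash:bash:4.1",
    "gzip": "cpe:/a:gnu:gzip:1.3.12",
    "subversion": "cpe:/a:apache:subversion:1.6.12",
    "apache2": "cpe:/a:apache:http_server:2.2.16",
}
FEDORA: Dict[str, str] = {
    "bash": "cpe:/a:bash:bash:4.1",
    "gzip": "cpe:/a:gnu:gzip:1.4",
    "subversion": "cpe:/a:apache:subversion:1.6.13",
    "httpd": "cpe:/a:apache:http_server:2.2.17",
}


def equivalent_packages(src: Dict[str, str], dst: Dict[str, str]) -> Dict[str, List[str]]:
    """Map each package in src to the dst packages with the same part:vendor:product,
    ignoring versions, so differently named packages (apache2 vs httpd) line up."""
    index: Dict[Cpe, List[str]] = {}
    for pkg, uri in dst.items():
        index.setdefault(Cpe.parse(uri).name(), []).append(pkg)
    return {pkg: index.get(Cpe.parse(uri).name(), []) for pkg, uri in src.items()}


def affected_packages(cve_cpes: Iterable[str], installed: Dict[str, str]) -> List[str]:
    """Installed packages whose CPE matches one listed for a CVE.  A CVE entry
    given without a version matches every version of that product."""
    cves = [Cpe.parse(u) for u in cve_cpes]
    hits = []
    for pkg, uri in installed.items():
        cpe = Cpe.parse(uri)
        if any(c == cpe or (c.version is None and c == cpe.name()) for c in cves):
            hits.append(pkg)
    return hits


if __name__ == "__main__":
    for deb, fed in equivalent_packages(DEBIAN, FEDORA).items():
        print(f"Debian {deb:<12} -> Fedora {', '.join(fed) or '(no match)'}")
    print(affected_packages(["cpe:/a:apache:subversion:1.6.12", "cpe:/a:gnu:gzip"], DEBIAN))
```

Matching on the versionless ID is what makes cross-distribution equivalence work: the version components differ between the two constructed tables, but `apache2` and `httpd` still pair up because both carry `cpe:/a:apache:http_server`.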

