[Rpm-maint] [rpm-software-management/rpm] Introduction of "rpms.lock.yaml" file (Discussion #2908)

Erik Skultety notifications at github.com
Fri Feb 16 10:39:49 UTC 2024


No, declaring such a thing unsupported is IMO too harsh. Like I suggested earlier, I would find acceptable assuming the default `type: rpm` in this case (or maybe even `type: any`) in which case producers of such data must accept the fact that by mixing multiple types of packages under a single repo in the lockfile may lead to less accurate results in terms of e.g. producing an SBOM out of the prefetched artifacts, otherwise usage of `type` information should IMO not be deemed of any significance when it comes to the fetched artifacts themselves, IOW the different types of RPMs would have been part of the original repo same way as they're going to be after a pre-fetch or am I mistaken in my reasoning?

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/discussions/2908#discussioncomment-8490867
You are receiving this because you are subscribed to this thread.

Message ID: <rpm-software-management/rpm/repo-discussions/2908/comments/8490867 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20240216/1a7aac1e/attachment.html>


More information about the Rpm-maint mailing list