[Rpm-maint] [rpm-software-management/rpm] Support repoids (at least) in rpmdb (Discussion #3505)
Colin Walters
notifications at github.com
Mon Jan 6 13:42:26 UTC 2025
rpm doesn't know about rpm-md repositories, that's always lived in higher level things like zypper and yum/dnf etc.
Some of those tools have grown their own databases that live separately from rpm and there's a few tension points from that.
Recently we [hit an issue](https://access.redhat.com/articles/7100920) at Red Hat where security scanners really need the repo identifiers for packages in addition to the raw rpmdb.
[This PR to clair](https://github.com/quay/claircore/pull/869) is I think objectively quite hacky.
It'd be much cleaner to start if this data lived in the rpmdb - that'd mean one API to access it, and it would better express the expected 1-1 mapping of this data - today it's quite easy for the higher level database to become wrong if `rpm` is invoked directly, but if a package was installed directly from `rpm` the field could contain e.g. "file://" or so for a local file or `http://` for URL.
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/discussions/3505
You are receiving this because you are subscribed to this thread.
Message ID: <rpm-software-management/rpm/repo-discussions/3505 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20250106/ef2f2d82/attachment.htm>
More information about the Rpm-maint
mailing list