On Wed, 7 May 2014 11:53:30 -0500 Dennis Gilmore <dennis@xxxxxxxx> wrote: > > Not sure if this is bz worthy or just something to mention on a mail > > list. I was doing some experimenting on creating SWID tags out of > > the rpm database and noticed some inconsistencies. For example: > > > > # rpm -q --queryformat '%{DISTRIBUTION}\n' bash > > Fedora Project > > # rpm -q --queryformat '%{DISTRIBUTION}\n' xbmc > > Fedora 20 > > > > Seems that rpmfusion has it right and the main Fedora build system > > is misconfigured. > > rpmfusion has it wrong, they should be using rpmfusion. koji sets the > distribution tag for everything that is built in the buildsys to be > the same. for fedora that is "Fedora Project" as that is who is > building and distributing the rpms OK, maybe I am approaching this from the wrong direction. What I need to identify in the rpm database is the following: 1) product title - this would be the rpm package name 2) product version - again version from rpm 3) software creator - was thinking this was URL 4) software licensor - was thinking this was VENDOR 5) component_of - was thinking that this was DISTRIBUTION It doesn't seem right to have 4 & 5 say Fedora Project. In a sense its true. But I was wanting the component_of to say Fedora 20 or 19 so that the tag contents better identify an OS component to match reality. If we have the same version of a package on F19 & F20, the way it is now, all identification will be the same but the file hashes will be different because of timestamps, compiler options, different definitions of macros & inline functions, etc. Hope this clarifies things a bit. Thanks, -Steve -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct