At first glance, you cannot derive a deterministic download URL for RPM packages from a PURL - even with qualifiers - because RPM ecosystems lack a centralized, standardized CDN like Alpine or Debian. RPMs are distributed across many vendor-specific, versioned, and dynamically updated repositories.
But in practice we can download RPMs all right, so we need to try harder! The code is to be written in PurlDB and FetchCode.
See these places:
- https://github.com/aboutcode-org/purldb/blob/main/minecode/miners/repodata_rpms.py
- https://github.com/aboutcode-org/purldb/blob/main/minecode/miners/repodata.py
- https://github.com/aboutcode-org/purldb/blob/main/minecode/miners/repomd.py
- https://github.com/aboutcode-org/purldb/blob/main/minecode/miners/fedora.py
- https://github.com/aboutcode-org/vulnerablecode/blob/dcb0511c73283654ab8a4ca340b71d6d9c5a16b9/vulnerabilities/rpm_utils.py#L76
- https://github.com/aboutcode-org/scancode-toolkit/blob/develop/src/packagedcode/rpm.py
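The following is an added worked example, not part of the issue above and not code from PurlDB, FetchCode or any of the linked modules. It shows the two halves of the problem the issue describes: what a pkg:rpm PURL alone determines (only the NEVRA and the conventional file name) and what a repository's `primary.xml` adds (the `location href`, and a checksum to verify the download). Everything below is assumed or constructed for the example: the repository root is taken from the PURL's `repository_url` qualifier or passed by the caller, `mirror.example` is a placeholder host, and the `primary.xml` fragment and its sha256 values are made up rather than fetched from a real repo.

```python
"""Resolve an RPM download URL from a pkg:rpm PURL plus repository metadata.

Added example (not purldb/fetchcode code). Assumed: the repo root comes from the
repository_url qualifier or the caller; primary.xml is fetched separately.
The purl, host, XML and checksums below are constructed test data.
"""
import gzip
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, unquote, urljoin

COMMON = "{http://linux.duke.edu/metadata/common}"
XML_BASE = "{http://www.w3.org/XML/1998/namespace}base"

# Constructed purl; mirror.example is a placeholder, not a real mirror.
EXAMPLE_PURL = ("pkg:rpm/fedora/curl@7.50.3-1.fc25?arch=x86_64&distro=fedora-25"
                "&repository_url=https://mirror.example/fedora/25/Everything/x86_64/os/")

# Constructed primary.xml fragment (createrepo "common" schema); the sha256
# values are fake placeholders, not digests of real packages.
PRIMARY_XML = """<metadata xmlns="http://linux.duke.edu/metadata/common" packages="2">
<package type="rpm">
  <name>curl</name><arch>x86_64</arch>
  <version epoch="0" ver="7.50.3" rel="1.fc25"/>
  <checksum type="sha256" pkgid="YES">0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef</checksum>
  <location href="Packages/c/curl-7.50.3-1.fc25.x86_64.rpm"/>
</package>
<package type="rpm">
  <name>curl</name><arch>i686</arch>
  <version epoch="0" ver="7.50.3" rel="1.fc25"/>
  <checksum type="sha256" pkgid="YES">fedcba9876543210fedcba9876543210fedcba9876543210fedcba9876543210</checksum>
  <location href="Packages/c/curl-7.50.3-1.fc25.i686.rpm"/>
</package>
</metadata>"""


def parse_rpm_purl(purl):
    """Split pkg:rpm/<namespace>/<name>@<version>-<release>?arch=..&epoch=..

    The purl version is the RPM version-release string; epoch (default "0")
    and arch are qualifiers, so without arch a multi-arch repo is ambiguous.
    """
    if not purl.startswith("pkg:rpm/"):
        raise ValueError(f"not a pkg:rpm purl: {purl}")
    body, _, query = purl[len("pkg:rpm/"):].partition("?")
    segments = [unquote(s) for s in body.split("#", 1)[0].split("/") if s]
    if not segments:
        raise ValueError(f"purl has no name: {purl}")
    name, _, version_release = segments[-1].partition("@")
    version, dash, release = version_release.rpartition("-")
    if not dash or not version:
        raise ValueError(f"rpm purl version must be version-release: {purl}")
    quals = {k: v[-1] for k, v in parse_qs(query).items()}
    return {
        "namespace": "/".join(segments[:-1]) or None,
        "name": name,
        "epoch": quals.pop("epoch", "0"),
        "version": version,
        "release": release,
        "arch": quals.pop("arch", None),
        "qualifiers": quals,
    }


def expected_filename(parts):
    """Conventional NVRA file name: the only thing the purl alone determines.
    The directory it lives in (Packages/c/, os/Packages/, ...) is vendor-specific,
    so this is a search key for repodata, not a URL."""
    if not parts["arch"]:
        raise ValueError("arch qualifier is required to name a binary rpm")
    return "{name}-{version}-{release}.{arch}.rpm".format(**parts)


def load_primary(data):
    """Accept str, raw bytes or gzip-compressed bytes of primary.xml."""
    if isinstance(data, bytes) and data[:2] == b"\x1f\x8b":
        data = gzip.decompress(data)
    return ET.fromstring(data)


def resolve(purl, primary_xml, base_url=None):
    """Return {"url", "checksum_type", "checksum"} for the exact NEVRA match in
    primary.xml, or None if the repo does not carry that build.

    The checksum is only as trustworthy as the repomd.xml that led to this
    primary.xml, so verify repomd.xml's signature before relying on it.
    """
    parts = parse_rpm_purl(purl)
    base_url = base_url or parts["qualifiers"].get("repository_url")
    if not base_url:
        raise ValueError("no repo root: pass base_url or a repository_url qualifier")
    want = (parts["name"], parts["arch"], parts["epoch"], parts["version"], parts["release"])
    for pkg in load_primary(primary_xml).iter(COMMON + "package"):
        ver = pkg.find(COMMON + "version")
        loc = pkg.find(COMMON + "location")
        if ver is None or loc is None:
            continue
        have = (pkg.findtext(COMMON + "name"), pkg.findtext(COMMON + "arch"),
                ver.get("epoch", "0"), ver.get("ver"), ver.get("rel"))
        if have != want:
            continue
        # createrepo may set xml:base on <location>, overriding the repo root
        base = loc.get(XML_BASE) or base_url
        base = base if base.endswith("/") else base + "/"
        cks = pkg.find(COMMON + "checksum")
        digest = (cks.text or "").strip() if cks is not None else ""
        return {
            "url": urljoin(base, loc.get("href")),
            "checksum_type": cks.get("type") if cks is not None else None,
            "checksum": digest or None,
        }
    return None


if __name__ == "__main__":
    # primary.xml is normally served gzip/xz/zstd compressed; gzip shown here
    print(resolve(EXAMPLE_PURL, gzip.compress(PRIMARY_XML.encode())))
```

The shape this suggests for the miners: the PURL supplies the NEVRA and, via `repository_url` or a per-distro mirror table, a repo root; `repomd.xml` at that root (signature-checked) names the `primary.xml` to fetch; the `location href` from the matching entry gives the URL and the `checksum` element gives what to verify after download. A PURL without `arch` or with an epoch that the repo records differently will not match, and that is the right outcome rather than guessing a path.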