[Bug 1217921] New: CPE ID in /etc/os-release adheres to superseded standard.
https://bugzilla.suse.com/show_bug.cgi?id=1217921 Bug ID: 1217921 Summary: CPE ID in /etc/os-release adheres to superseded standard. Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: All OS: openSUSE Tumbleweed Status: NEW Severity: Enhancement Priority: P5 - None Component: Basesystem Assignee: screening-team-bugs@suse.de Reporter: rokejulianlockhart+1674683091@outlook.com QA Contact: qa-bugs@suse.de Target Milestone: --- Found By: --- Blocker: --- Created attachment 871229 --> https://bugzilla.suse.com/attachment.cgi?id=871229&action=edit os-release as of cpe:2.3:o:opensuse:tumbleweed:20231208. The Common Platform Enumeration Operating System Identifier (as hostnamectl and /etc/os-release report) format adheres to the pre-2.3 version, as its lack of version demonstrates. https://nvd.nist.gov/products/cpe/detail/34AB288B-8A0F-4C9D-9C61-6E11BC2CE0E8?namingFormat=2.3&orderBy=CPEURI&keyword=cpe%3A2.3%3Ao%3Aopensuse%3Atumbleweed%3A-%3A*%3A*%3A*%3A*%3A*%3A*%3A*&status=FINAL%2CDEPRECATED demonstrates how it should be formatted. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1217921 roke beedell <rokejulianlockhart+1674683091@outlook.com> changed: What |Removed |Added ---------------------------------------------------------------------------- URL| |https://nvd.nist.gov/produc | |ts/cpe/detail/34AB288B-8A0F | |-4C9D-9C61-6E11BC2CE0E8?nam | |ingFormat=2.3&orderBy=CPEUR | |I&keyword=cpe%3A2.3%3Ao%3Ao | |pensuse%3Atumbleweed%3A-%3A | |*%3A*%3A*%3A*%3A*%3A*%3A*&s | |tatus=FINAL%2CDEPRECATED Blocker|--- |No Found By|--- |Other -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1217921 roke beedell <rokejulianlockhart+1674683091@outlook.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P4 - Low -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1217921 https://bugzilla.suse.com/show_bug.cgi?id=1217921#c1 --- Comment #1 from roke beedell <rokejulianlockhart+1674683091@outlook.com> --- Created attachment 871230 --> https://bugzilla.suse.com/attachment.cgi?id=871230&action=edit Specification Documentation (In reply to roke beedell from comment #0)
Created attachment 871229 [details] os-release as of cpe:2.3:o:opensuse:tumbleweed:20231208.
The Common Platform Enumeration Operating System Identifier (as hostnamectl and /etc/os-release report) format adheres to the pre-2.3 version, as its lack of version demonstrates. https://nvd.nist.gov/products/cpe/detail/34AB288B-8A0F-4C9D-9C61- 6E11BC2CE0E8?namingFormat=2.3&orderBy=CPEURI&keyword=cpe%3A2. 3%3Ao%3Aopensuse%3Atumbleweed%3A- %3A*%3A*%3A*%3A*%3A*%3A*%3A*&status=FINAL%2CDEPRECATED demonstrates how it should be formatted.
More specifically, per https://doi.org/10.6028/NIST.IR.7695#page=7&zoom=auto,-332,731 (from https://csrc.nist.gov/pubs/ir/7695/final) states:
This method of naming is known as a well-formed CPE name (WFN). It is an abstract logical construction. The CPE Naming specification defines procedures for binding WFNs to machine-readable encodings, as well as unbinding those encodings back to WFNs. One of the bindings, called a Uniform Resource Identifier (URI) binding, is included in CPE version 2.3 for backward compatibility with CPE version 2.2 [CPE22]. The URI binding representation of the WFN above is:
cpe:/a:microsoft:internet_explorer:8.0.6001:beta
The second binding defined in CPE 2.3 is called a formatted string binding. It has a somewhat different syntax than the URI binding, and it also supports additional product attributes. With the formatted string binding, the WFN above can be represented by the following.
cpe:2.3:a:microsoft:internet_explorer:8.0.6001:beta:*:*:*:*:*:*
We should be proactive in adhering to 2.3 rather than relying upon backward compatibility with 2.2. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1217921 https://bugzilla.suse.com/show_bug.cgi?id=1217921#c2 --- Comment #2 from roke beedell <rokejulianlockhart+1674683091@outlook.com> --- I do prefer the WFN 2.2 syntax - it appears to be merely logically ordered rather than bound to a complex specification. However, most of the world appears to have moved on. Consider this more an RFC than a proposal I fervently support. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1217921 https://bugzilla.suse.com/show_bug.cgi?id=1217921#c3 roke beedell <rokejulianlockhart+1674683091@outlook.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Status|NEW |RESOLVED --- Comment #3 from roke beedell <rokejulianlockhart+1674683091@outlook.com> --- ```.log PS /home/RokeJulianLockhart> cat -vbET '/etc/os-release' | grep 'CPE_NAME' 9 CPE_NAME="cpe:2.3:o:opensuse:tumbleweed:20240131:*:*:*:*:*:*:*"$ 11 #CPE_NAME="cpe:/o:opensuse:tumbleweed:20240131"$ PS /home/RokeJulianLockhart> ``` -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@suse.com