Rpmdb support #255
base: main
Thanks! Looks like a reasonable implementation to me. My main concern is pulling in the relatively large number of dependencies to parse the sqlite database, especially before any support for redhat advisories is included in osv.dev.
This looks cool! It would be good if you could have a look over the other parsers and consider if there are any situations they account for that should be handled for this parser/"lockfile" too, such as the same packages being listed multiple times.
(I'm not super familiar with RedHat stuff, so it might all be being handled by the library)
Thanks for the feedback, I hadn't considered this point. If it's a problem, we can surely set this PR aside and merge it when osv.dev has redhat advisories support.
Usually rpmdb are written only by librpm; passing duplicates/invalid values should not be possible.
Address #254