Hi,

 

Debian maintain a list of CPE inormation for packages on their security tracker http://svn.debian.org/wsvn/secure-testing/data/CPE/list

The CPE information is not complete and does not contain version information. This makes it relatively static except when packages are added or removed from the repository. It can be useful to maintain this limited CPE information for searching purposes.

 

In the past I generated an automatic mapping between packages in Debian and Fedora https://github.com/silviocesare/Equivalent-Packages/blob/master/NearestNeighbour/Debian5_Fedora13_Matches. From combining the Debian CPE list and my package mappings, I can generate a CPE list for Fedora. The list would not cover all of Fedora's packages and I could not guarantee 100% accuracy, however such a list may be useful.

 

I can create this list if the security team or developers are interested and perhaps it could be put on the Fedora wiki.

 

Apologies if this has already ben answered. I have asked Fedora in several forums if similar information (such as package mappings) would be useful, and the general consensus thus far has been that it is not needed. However, while package mappings might not be useful to Fedora, perhaps a partial CPE list could be.

 

CC me on responses.

 

--

Silvio Cesare