Bug#797768: systemd: os-release(5) has outdated reference to CPE

Ben Harris bjh21 at cam.ac.uk
Wed Sep 2 13:13:48 BST 2015

Package: systemd
Version: 224-1
Severity: minor
Tags: upstream

Dear Maintainer,

os-release(5) includes this description of the "CPE_NAME" parameter:

            A CPE name for the operating system, following the Common Platform
            Enumeration Specification[2] as proposed by the MITRE Corporation.
            This field is optional. Example:

This example name seems to be formatted according to CPE 2.2, which specified a 
single URI-like textual format for CPE Names.  CPE 2.2 was superseded in August 
2011 by CPE 2.3, which specifies an abstract CPE Name and two different textual 
bindings.  By simply referring to "A CPE name", os-release(5) fails to specify 
which of these formats is meant.

I'd suggest that the reference be updated to either explicitly refer to the URI 
binding of a CPE name for the operating system, or to explicitly refer to CPE 2.2. 
Since CPE 2.3 URI bindings are meant to be backward-compatible with CPE 2.2, I'd 
suggest that the former is the better approach.

As of CPE 2.3, it seems that NIST have taken over maintenance of CPE, so the 
reference to MITRE should probably be replaced by a reference to NIST, and the Web 
reference changed to point to <http://scap.nist.gov/specifications/cpe/>.

Ben Harris, University of Cambridge Information Services.

-- Package-specific info:

-- System Information:
Debian Release: stretch/sid
   APT prefers testing
   APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 4.1.0-1-686-pae (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)

Versions of packages systemd depends on:
ii  adduser         3.113+nmu3
ii  libacl1         2.2.52-2
ii  libapparmor1    2.9.2-3
ii  libaudit1       1:2.4.4-1
ii  libblkid1       2.26.2-9
ii  libc6           2.19-19
ii  libcap2         1:2.24-11
ii  libcap2-bin     1:2.24-11
ii  libcryptsetup4  2:1.6.6-5
ii  libgcc1         1:5.1.1-14
ii  libgcrypt20     1.6.3-2
ii  libkmod2        21-1
ii  liblzma5        5.1.1alpha+20120614-2.1
ii  libmount1       2.26.2-9
ii  libpam0g        1.1.8-3.1
ii  libseccomp2     2.2.3-1
ii  libselinux1     2.3-2+b1
ii  libsystemd0     224-1
ii  mount           2.26.2-9
ii  sysv-rc         2.88dsf-59.2
ii  udev            224-1
ii  util-linux      2.26.2-9

Versions of packages systemd recommends:
ii  dbus            1.8.20-1
ii  libpam-systemd  224-1

Versions of packages systemd suggests:
pn  systemd-ui  <none>

-- no debconf information

More information about the Pkg-systemd-maintainers mailing list