Packages installed from Package manager may from different namespace #668
Comments
This issue was closed.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
Description of Problem / Feature Request
First: This may not be an issue.
Motivation:
On CentOS, yum may download from RHEL RPM repository and install RHEL binary.
In this case, the binary is compiled for RHEL but compatible with CentOS.
Since it's a binary and compiled for RHEL, which may have compiler flag difference, there might be difference in the set of vulnerabilities. Moreover, the namespaces for RHEL vulnerabilities and CentOS vulnerabilities are different.
We should modify our core Clair logic to understand that a package may have absolute indication of the namespace, which may not detected by the namespace detectors.
For implementation, we should generalize matching from package to namespace to not only depend on the package manager.
Environment
The text was updated successfully, but these errors were encountered: