openssl: prefix libs with 'openssl-' #41315

Draft
wants to merge 1 commit into
base: main

@justinvreeland (Member) commented Feb 4, 2025

When people search for openssl in our SBOMs they're typically meaning to search for libssl and libcrypt which are not showing up in the search. It's not immediately obvious that libssl and libcrypt are from openssl or that someone should search that when they're just looking for information about openssl. This prefixes the library packages with openssl so that they're more easily discovered.

@justinvreeland marked this pull request as ready for review February 4, 2025 20:57
@justinvreeland marked this pull request as draft February 4, 2025 20:58
@octo-sts bot added the bincapz/pass label (Bincapz (aka. malcontent) scan didn't detect any CRITICALs on the scanned packages.) Feb 4, 2025
openssl.yaml Outdated
description: "OpenSSL libcrypto library"
dependencies:
provides:
- libcypto3
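
Review bot: the provides entry `- libcypto3` is missing the "r" in "crypto"; the description two lines above spells the library "libcrypto". As written, this provides would not match a dependency on `libcrypto3`, so resolution against that name would fail or fall through to another package. Suggest `- libcrypto3`, and check the sibling libssl subpackage for the same kind of slip, since a misspelled provides fails only at install time rather than at build time.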
Member

I think you want `libcrypto=${{package.full-version}}` here, as otherwise it will not be quite the same provides. There are subtle differences between versioned and version-less provides.

When people search for ssl in our SBOMs they're typically meaning to search for
libssl and libcrypt which are not showing up in the search.  It's not immediately
obvious that libssl and libcrypt are from openssl or that someone should search
that when they're just looking for information about openssl. This prefixes the
library packages with openssl so that they're more easily discovered.
@justinvreeland force-pushed the jvreeland/openssl-discoverable branch from 581b3dc to c115900 February 6, 2025 20:19