  1. Security Data
  2. SECDATA-1178

Appropriateness of Using rpm as the PURL Type for firefox-flatpak


    • Ticket
    • Resolution: Unresolved
    • Normal

      Is it correct to use rpm as the PURL type for firefox-flatpak?
      Presumably, firefox-flatpak is not provided as an RPM package and therefore should not be managed as one.
      Even if the rpm PURL type must be used unavoidably, it seems necessary to provide some mechanism to distinguish between RPM packages and Flatpak packages.

                {
                  "category": "product_version",
                  "name": "rhel10/firefox-flatpak",
                  "product": {
                    "name": "rhel10/firefox-flatpak",
                    "product_id": "rhel10/firefox-flatpak",
                    "product_identification_helper": {
                      "purl": "pkg:rpm/redhat/rhel10/firefox-flatpak?arch=src"
                    }
                  }
                },
                {
                  "category": "product_version",
                  "name": "firefox",
                  "product": {
                    "name": "firefox",
                    "product_id": "firefox",
                    "product_identification_helper": {
                      "purl": "pkg:rpm/redhat/firefox"
                    }
                  }
                },
                {
                  "category": "product_version",
                  "name": "firefox.src",
                  "product": {
                    "name": "firefox.src",
                    "product_id": "firefox.src",
                    "product_identification_helper": {
                      "purl": "pkg:rpm/redhat/firefox?arch=src"
                    }
                  }
                },
      

      https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8029.json

              yuwang@redhat.com Yuguang Wang
              mainek00n Norihiro Nakaoka (Inactive)
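Added example, not part of the original ticket and not Red Hat tooling: a consumer-side check that parses every purl in a CSAF product tree and flags rpm-typed entries that do not look like plain RPM packages. The vendor wrapper branch, the function names, and the flagging heuristic (an extra namespace segment or a "-flatpak" name suffix) are assumptions; the three purls are the ones quoted in the ticket.

```python
from urllib.parse import parse_qsl, unquote

def parse_purl(purl):
    """Split pkg:type/namespace/name@version?qualifiers#subpath (subpath is dropped)."""
    scheme, _, rest = purl.partition(":")
    if scheme != "pkg":
        raise ValueError(f"not a purl: {purl!r}")
    rest = rest.split("#", 1)[0]
    rest, _, query = rest.partition("?")
    version = ""
    if "@" in rest:
        rest, version = rest.rsplit("@", 1)
    segments = [unquote(s) for s in rest.split("/") if s]
    if len(segments) < 2:
        raise ValueError(f"purl needs a type and a name: {purl!r}")
    return {"type": segments[0].lower(),
            "namespace": "/".join(segments[1:-1]),  # may span several segments
            "name": segments[-1],
            "version": unquote(version) or None,
            "qualifiers": dict(parse_qsl(query))}

def iter_purls(branches):
    """Yield (product_id, purl) from nested CSAF product_tree branches."""
    for b in branches:
        product = b.get("product", {})
        purl = product.get("product_identification_helper", {}).get("purl")
        if purl:
            yield product["product_id"], purl
        yield from iter_purls(b.get("branches", []))

def ambiguous_rpm_purls(csaf):
    """Assumed heuristic: rpm purl with a multi-segment namespace or a -flatpak name."""
    hits = []
    for pid, purl in iter_purls(csaf["product_tree"]["branches"]):
        p = parse_purl(purl)
        if p["type"] == "rpm" and ("/" in p["namespace"] or p["name"].endswith("-flatpak")):
            hits.append((pid, p["namespace"], p["name"]))
    return hits

def branch(pid, purl):  # same shape as the entries quoted in the ticket
    return {"category": "product_version", "name": pid,
            "product": {"name": pid, "product_id": pid,
                        "product_identification_helper": {"purl": purl}}}

# Constructed sample: the vendor wrapper is assumed, the purls come from the ticket.
SAMPLE = {"product_tree": {"branches": [{"category": "vendor", "name": "Red Hat", "branches": [
    branch("rhel10/firefox-flatpak", "pkg:rpm/redhat/rhel10/firefox-flatpak?arch=src"),
    branch("firefox", "pkg:rpm/redhat/firefox"),
    branch("firefox.src", "pkg:rpm/redhat/firefox?arch=src")]}]}}

if __name__ == "__main__":
    print(ambiguous_rpm_purls(SAMPLE))
```

For the flatpak entry the parser yields type rpm, namespace redhat/rhel10 and name firefox-flatpak, so nothing in the type field itself separates it from the two firefox RPM entries.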