(registered 2022-10-21, last updated 2022-10-21) Media type name: application Media subtype name: vnd.gentoo.pkgmetadata+xml Required parameters: N/A. Optional parameters: "charset", with semantics identical to those of "application/xml" as described in RFC7303 § 9.1. Encoding considerations: 8bit Identical to those of "application/xml" as described in RFC7303 § 9.1. Security considerations: Package metadata file is a structured XML file providing supplementary metadata for Gentoo packages. No executable content is defined by the data format. The files may contain URLs, including URLs using unencrypted protocols. The metadata file provides additional information for end users and utility scripts. It does not affect the build or installation of Gentoo packages. However, alteration of this data could be used to misguide users and therefore pose a security risk. Metadata files are normally distributed as part of larger repositories. Depending on the repository distribution method, authenticity of all distributed files could be asserted using OpenPGP signatures made on git commits, snapshot archives or Gentoo Manifest files inside the repository. The specification explicitly forbids using external markup declarations and fetching or processing DTDs, in order to protect against known XML parser vulnerabilities. Nevertheless, the format may be subject to other XML parser vulnerabilities. Interoperability considerations: There are no known interoperability issues. Published specification: GLEP 68: Package and category metadata https://www.gentoo.org/glep/glep-0068.html Applications which use this media: Gentoo package managers such as Portage [1] and PkgCore [2] display some of the information provided by package metadata files and provide an API to access it. They are also used by tools such as NATTkA [3] or packages.gentoo.org website [4]. This list is not exhaustive. [1] https://wiki.gentoo.org/wiki/Project:Portage [2] https://github.com/pkgcore/pkgcore [3] https://github.com/projg2/nattka [4] https://packages.gentoo.org/ Fragment identifier considerations: N/A. Restrictions on usage: N/A. Provisional registration? (standards tree only): No Additional information: 1. Deprecated alias names for this type: N/A. 2. Magic number(s): N/A. 3. File extension(s): .xml (the file is always named "metadata.xml") 4. Macintosh file type code: N/A. 5. Object Identifiers: N/A. General Comments: Draft posted for review @ https://mailarchive.ietf.org/arch/msg/media-types/oIuliBXPz9xxZFsVir1De0Ajcc4/ Person to contact for further information: 1. Name: Michał Górny 2. Email: mgorny&gentoo.org Intended usage: COMMON Author/Change controller: Gentoo Council (https://wiki.gentoo.org/wiki/Project:Council)