Post Syndicated from jzb original https://lwn.net/Articles/1074908/

Package managers for operating systems and programming languages have been
around for decades. Each package manager, and its accompanying packaging format,
has been shaped by the needs of its respective ecosystem, but there is a growing
need to make use of package metadata for more than software management: for
example, in vulnerability scans, software bills of materials (SBOMs), and more. On
May 19, Damián Vicino spoke at the Open Source Summit North America 2026
about his experiences in the past year trying to make sense of the varied
metadata provided by more than 20 package managers.