Avoid depending on individual metadata files (such as
primary.sqlite.gz
or
Packages.bz2
), as these are subject to change.
Packages on packages.microsoft.com may incorporate material from third parties.
License information for third party material
may be found in the packages
themselves or associated documentation. Source code for certain third party
material may be available in an associated source directory. Alternatively, you may
obtain corresponding source code for certain packages
or material by sending an
email to Opensource@microsoft.com, including the package name and version
information.
When a Linux packaging client is referred to as “static”, it means that the client is
designed to work with a fixed set of libraries. A static client
will not dynamically link to
any libraries outside of its own set and will instead use only the libraries that are
included in the client itself. "Static" resources are typically more safe to depend on, but
can still be subject to change.
Static resources on packages.microsoft.com include:
The path to each repo's
metadata, such as the
repomd.xml
or Release/Packages for
Debian files. These metadata files are used by the client to determine which
packages are available for installation and what their dependencies are.
The paths to
config files located under
/config
.
The paths to the key files located under
/keys
.
Resources that are subject to change include:
Paths to individual packages.
The HTML/directory browsing interface is enabled only for interactive web
browsing and is not a stable or supported API.
This includes the underlying
structure of the HTML, as well as, the timestamp and filesize presented.
Package repositories often contain multiple copies of
the same data in different
formats. There's no guarantee that each format will be supported. For example,
Debian repositories
may
include
Packages
,
Packages.bz2
,
Packages.gz
, etc. Rpm
repositories
may
include
primary.xml.gz
or
primary.sqlite.bz2
, etc.
Package
managers will generally prefer one of these formats, but accept an array of format
options.
Clamav
signatures located under
/clamav
will no longer be supported, with
deprecation scheduled in 2023.
