
Enhancement request: a default purpose and default deployed on Packages

Open pombredanne opened this issue 1 year ago • 0 comments

When doing vulnerability management, it would be useful to track, on a global dataspace Package, a default purpose and a default deployment.

This is an important context item for vulnerability mitigation prioritization.

  • For instance, the Python sphinx doc tool is a "tool" by default.
  • Junit is for tests in Java by default, and not deployed by default.

Given a vulnerability that affects a package, its default deployment and default purpose matter, as this context should lower the actual risk exposure for this vulnerability. This could be an important part of a policy. The same data could be further set at the product-package level and would override the global dataspace- or purldb-level attributes.

These data items could be fed from PurlDB; some can be inferred, and a lot would be curated.

pombredanne, Oct 31 '24 19:10
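As an added example (not DejaCode's own code or data model), a small Python sketch of the override order the request describes: product-package settings override dataspace defaults, which override PurlDB defaults, and the resolved purpose/deployed context then adjusts a vulnerability's priority. The package URLs, the contents of each layer and the policy weights are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Dict, Optional

LEVELS = ["low", "medium", "high", "critical"]


@dataclass
class PackageContext:
    purpose: Optional[str] = None    # e.g. "tool", "test", "library"
    deployed: Optional[bool] = None  # shipped with the product by default?


# Constructed sample layers keyed by package URL, least to most specific.
PURLDB = {  # hypothetical inferred/curated defaults at the PurlDB level
    "pkg:pypi/sphinx": PackageContext(purpose="tool"),
    "pkg:maven/junit/junit": PackageContext(purpose="test", deployed=False),
}
DATASPACE = {  # dataspace-level curation refining the PurlDB defaults
    "pkg:pypi/sphinx": PackageContext(deployed=False),
}
PRODUCT = {  # product-package level: this product ships a docs server on sphinx
    "pkg:pypi/sphinx": PackageContext(deployed=True),
}


def resolve(purl: str, *layers: Dict[str, PackageContext]) -> PackageContext:
    """Merge the layers in order; for each attribute the most specific
    non-None value wins, so a product-package setting overrides the
    dataspace default, which overrides the PurlDB default."""
    result = PackageContext()
    for layer in layers:
        ctx = layer.get(purl)
        if ctx is None:
            continue
        if ctx.purpose is not None:
            result.purpose = ctx.purpose
        if ctx.deployed is not None:
            result.deployed = ctx.deployed
    return result


def prioritize(severity: str, ctx: PackageContext) -> str:
    """Illustrative policy: a package known not to be deployed drops two
    levels, a deployed tool/test-only package drops one, and unknown
    context keeps the reported severity (missing data is treated as deployed)."""
    idx = LEVELS.index(severity)
    if ctx.deployed is False:
        idx -= 2
    elif ctx.purpose in ("tool", "test"):
        idx -= 1
    return LEVELS[max(idx, 0)]
```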