Recently, a close friend sent me a link to this blog post. The blog post goes over some details about exporting package relationships for Ubuntu in a format that can be read by graph generating software. The blog post was made in early 2013, so I decided to try it myself and add a few things. I made some slight modifications to his code, which can be found below.
The original blog post only contained image renderings. I imported the data into Gephi and produced several SVG renderings of the graph. I then overlayed the vector graphics onto a blank map using the Google Maps API. There are a few renderings with different graph parameters to choose from. The big dot at the center of the graph is libc6, which makes vulnerabilities like CVE-2015-7547 seem very scary.
Click the image below to load the map visualization. Be forewarned, the SVG file is 3mb and can slow down some browsers.
A note about this code: Apparently the approach used in this snippet only shows a subset of packages that are in the apt repos. Thomi Richards did a follow up post explaining this. I may redo the map with the updated dataset, but I belive that this is sufficient for now. Also, I don’t want to run Gephi’s placement algorithm for another 4 hours. Thomi’s original code, slightly edited and reformatted, is reposted below.