A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter.im/aboutcode-org/vulnerablecode Docs at https://vulnerablecode.readthedocs.org/
The FixedByPackageRelation and the sorting may be two different things, are they?
Call that maybe "version_rank", and I would make it a float so that you can always insert a version between two existing versions without having to change anything else
Why not put that on the Package? This is package-level IMHO
We need to have a default value of something like 0? and then only look at packages that need to be updated
https://docs.google.com/document/d/1USKu6XdyacZKaZKFqZaXkFAFN_Vc0E2xp00wOzg1X1w/edit?tab=t.0