If consumers use a private goproxy, then without formatting it to the PURL the generic package locator is not accurate to describe the package location.
The PURL spec sadly doesn't mention anything that would be even remotely related to what we need here with repository_url/download_url being the closest having a different meaning.
We'll probably have to come up with a custom qualifier, i.e. proxy to denote that a proxy was used to locate the package given its identifier.
If consumers use a private goproxy, then without formatting it to the PURL the generic package locator is not accurate to describe the package location. The PURL spec sadly doesn't mention anything that would be even remotely related to what we need here with
repository_url/download_url
being the closest having a different meaning. We'll probably have to come up with a custom qualifier, i.e.proxy
to denote that a proxy was used to locate the package given its identifier.