Adopt the purl spec for describing package versions

cps-org / cps

Common Package Specification — A cross-tool mechanism for locating software dependencies

https://cps-org.github.io/cps/

Other

99 stars 8 forks source link

Adopt the purl spec for describing package versions #50

Open levinem opened 6 months ago

levinem commented 6 months ago

I propose that we either use the existing purl spec to describe package versions or create a new Universal Package Version Identifier (UPVI or just PVI).

Formatting could be along the lines of some of these specifications:

https://github.com/package-url/purl-spec https://github.com/palantir/resource-identifier https://docs.aws.amazon.com/IAM/latest/UserGuide/reference-arns.html https://en.wikipedia.org/wiki/Uniform_Resource_Name

mwoehlke commented 6 months ago

What, specifically, is the proposal here?