haskell / security-advisories

https://haskell.github.io/security-advisories/

support multiple repositories #165

Open MangoIV opened 6 months ago

MangoIV commented 6 months ago

Summary

It would be good to have the Advisory type point back to the repository it stems from; reason being that

  1. we would like to refer to an advisory by a URL
  2. we would like to be able to have more than one source for the URL

frasertweedale commented 6 months ago

We are referencing the Hackage namespace. In most cases, the package description contains a reference to the repository.

In cases where it does not and a repository URL is known, I suggest using the existing references field, with reference type PACKAGE, pointing to the repo.

MangoIV commented 6 months ago

Oh no I mean multiple repositories for security advisories, sorry!

frasertweedale commented 6 months ago

@MangoIV ok, thanks for clarifying. If I understand, we want the advisory data (or exported formats, e.g. OSV), to point back to content in this repo?

MangoIV commented 6 months ago

> @MangoIV ok, thanks for clarifying. If I understand, we want the advisory data (or exported formats, e.g. OSV), to point back to content in this repo?

Yes; the idea would be that some independent entity could host their own set of security advisories and if a user so wishes, they can opt in to that repository as well and still, given an advisory, find its origin.