terriko
commented
3 months ago I think this is pretty close to what we want, but I think we'll need to do some tweaks to the words we use to improve usability.
Right now, if I read just that data file, I'd assume that it was like purl2cpe, as in "this purl is related to this vendor" but we actually mean completely the opposite "this purl is absolutely not related to this vendor" -- so we need to figure out a way to make that more clear.
I think we'll need multiple things to help here:
Documentation
- . I know it's tempting to leave docs until we've settled on stuff but I'd like you to write the docs now because the process of explaining things to a theoretical user will likely help you uncover things that could be easier to explain.
- Hand in hand with docs, we'll want a relations.yml example file with comments for people to copy and edit. -How feasible would it be to make an issue template where we basically got people to fill in all the data to this template when they filed a bug
Naming
- Now that I'm looking at this with an eye to usability, I think maybe
deduplicationis the wrong term for what's happening here. We're not really getting rid of duplicates, we're getting rid of ... false positives I guess? bad matches? invalid correlations? What if we called it themismatchtable instead? - We need to call
vendorin the file something that indicates anti-vendor. If we go with calling it the mismatch table, we could have it bevendor_mismatchto reinforce the terminology. - maybe instead of calling it
relations.ymlwe'd want it to bemismatch.ymltoo? (or does relations.yml match purl2cpe better?)
inosmeet
sqlite_loaderpopulates the deduplication. If we're satisfied with this approach, I'll make a ci script that triggers this when thedata/directory updates.cc @terriko @anthonyharrison