What about supporting package URL to avoid adding yet another layer of package identifiers?

open-component-model / ocm-project

OCM Project Backlog

Apache License 2.0

0 stars 0 forks source link

What about supporting package URL to avoid adding yet another layer of package identifiers? #135

Open pombredanne opened 9 months ago

pombredanne commented 9 months ago

What would you like to be added: Support for package URL to avoid adding yet another layer of package identifiers. https://github.com/package-url/

Why is this needed: Enable integration and reuse with the SBOM and SCA tools ecosystems.

morri-son commented 8 months ago

@mandelsoft and @hilmarf , related to the discussion of OCM/SBOM/Naming in general. I guess pURL is already supported as part of labels on artefact level and the metadata they can transport. We may think about a standard label name for pURLs mentioned in the com-spec. What do you think?

morri-son commented 1 month ago

@fabianburth and @mandelsoft can you please have a look at the proposal?