search

package-url / purl-spec

A minimal specification for purl aka. a package "mostly universal" URL, join the discussion at https://gitter.im/package-url/Lobby
https://github.com/package-url/purl-spec
Other
693 stars 161 forks source link

OCI type: is version required? #157

Open MarkLodato opened 2 years ago

MarkLodato commented 2 years ago

The text currently says:

The version is the [...] and is required to uniquely identify the artifact.

Does that mean that the field is REQUIRED, and the "to uniquely identify the artifact" is explaining why it's required? Or is it only required if you want to uniquely identify the artifact?

To clarify, I suggest either:

If it is actually the first version, I strongly suggest making it optional. oci is the only type where version is required, and the spec even says "version: the version of the package. Optional". In some cases it is necessary to describe a package with a floating label where the hash is not yet resolved.

itaysk commented 4 months ago

the spec already says it's optional for all types:

version: the version of the package. Optional.