Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use of Module/Package vs Distribution in name #2

Open
mrdvt92 opened this issue Mar 27, 2023 · 6 comments
Open

Use of Module/Package vs Distribution in name #2

mrdvt92 opened this issue Mar 27, 2023 · 6 comments
Labels
documentation Improvements or additions to documentation enhancement New feature or request

Comments

@mrdvt92
Copy link

mrdvt92 commented Mar 27, 2023

I have not seen Perl PURLs documented anywhere but in this package.

The term "package" in PURL more closely matches the term "distribution" in the CPAN instead of the term "module" or "package" in Perl.

I propose we (the Perl community) be much more consistent with other implementations to be distribution-based and not module-based.

Changes to keep backwards compatibility (Is this a priority?)

pkg:cpan/URI::[email protected]  #default namespace is module default repository_url is cpan.org.

Note: This is ONLY valid for distributions where the primary package is also named the same as the distribution with changing "::" to "-". PAUSE allows the update of a distribution where the module inside does NOT have a version update.

pkg:cpan/module/URI::[email protected]
pkg:cpan/dist/[email protected] #default repository_url=cpan.org (should this be https://metacpan.org/dist/libwww-perl?)
pkg:cpan/dist/[email protected]?repository_url=cpan.org #explicit but should this be metacpan.org or even the full URL https://metacpan.org/dist/URI-PackageURL
pkg:cpan/dist/[email protected] #default repository_url=cpan.org (should this be https://metacpan.org/dist/libwww-perl?)
@giterlizzi giterlizzi added documentation Improvements or additions to documentation enhancement New feature or request labels Apr 4, 2023
@zmughal
Copy link

zmughal commented May 26, 2023

I wanted to link up with a couple other threads along these lines for the cpan Package URL type:

so that a common semantics can be worked out.

@giterlizzi
Copy link
Owner

In the next version of the module, I have made a change to allow the use of distribution instead of module name. Other improvements is the addition of a CLI (purl-tool see #3) and a helper that allows the PackageURL string to be converted to a URL for package download and repository (not all types are supported).

@giterlizzi giterlizzi reopened this Jun 13, 2023
giterlizzi added a commit that referenced this issue Jun 13, 2023
@giterlizzi
URI::PackageURL enhancements
12cd902 
- Added "purl-tool(1)" (#3)
- Added "URI::PackageURL::Util::purl_to_urls" helper
- Fixed name qualifier for "cpan" (#2)
- Fixed some little issues
@sjn sjn mentioned this issue Aug 11, 2023
Open
@sjn
Copy link

sjn commented Aug 11, 2023

Heya! I've been trying to figure out what a good PackageURL looks like, and have some thoughts posted in the CPAN::DistnameInfo ticket mentioned above.

If you want to join the conversation, you're quite welcome! I'm primarily interested in making the CPAN Toolchain understand PURLs (with the intention of using these when generating SBOM objects), and I'm wondering if this effort is something you'd be interested in. 🙂

@sjn sjn mentioned this issue Jan 31, 2024
Open
@sjn
Copy link

sjn commented Jan 31, 2024
edited
Loading

FWIW, I think having room for using packageurls for referring to module names makes completely sense, and is needed when using them to refer to (pre-resolution) dependencies.

I'd vote for the following compromise, supporting both distribution names and module names:

@giterlizzi
Copy link
Owner

I'd vote for the following compromise, supporting both distribution names and module names:

I suggest to use this syntax for module name (without the "namespace"):

... and the "namespace" for the distribution package (the author):

But.. is necessary to remove this line in "URI::PackageURL":

perl-URI-PackageURL/lib/URI/PackageURL.pm

Line 53 in b134997

$name =~ s/::/-/g if $type eq 'cpan';

@sjn
Copy link

sjn commented Jan 31, 2024
edited
Loading

Here's a (complete as of today) list of CPAN ID's that share a name with a module – meaning there exists both a CPAN id and a module with that name:

https://metacpan.org/search?q=ACH
https://metacpan.org/search?q=ASP
https://metacpan.org/search?q=BLADE
https://metacpan.org/search?q=DBR
https://metacpan.org/search?q=DDG
https://metacpan.org/search?q=JBD
https://metacpan.org/search?q=LWP
https://metacpan.org/search?q=MIDI
https://metacpan.org/search?q=SAL
https://metacpan.org/search?q=URI

I guess this is fine if we decide/assume there's never going to be a need for using PackageURLs for referring to authors/CPAN IDs.

Meaning, pkg:cpan/URI will always refer to the module name, and never to a package name or a CPAN id.

I'm fine with this if you are! 😁

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
documentation Improvements or additions to documentation enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@sjn @zmughal @giterlizzi @mrdvt92