Use "gem" instead of "rubygems" to match purl spec #114
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
@juspence Thanks! great catch! this is a bug indeed. |
|
I tried to fix only the linting errors in the files I touched, but after looking at the diff I guess these were existing errors? There are also changes to other files which I haven't committed. I'm just going to put things back the way I originally found them, and remove the "pkg:rubygems/" decorator based on your feedback above. |
|
Do not worry about Travis... I need to disable this. |
|
Sorry for the noise, but I would love to see this land :) |
tdruez
added a commit
that referenced
this pull request
Dec 8, 2023
Signed-off-by: tdruez <tdruez@nexb.com>
netbsd-srcmastr
pushed a commit
to NetBSD/pkgsrc
that referenced
this pull request
Dec 11, 2023
0.12.0 (2023-12-08) ------------------- - Modified `PackageURL.from_string` to properly handle golang purls. package-url/packageurl-python#115 - Improve support for PyPI URLs in `url2purl`. package-url/packageurl-python#128 - Return the "gem" type instead of "rubygems" for "https://rubygems.org/" URLs in `url2purl`. The `pkg:rubygems/` purls are backward-compatible in `purl2url`. package-url/packageurl-python#114 0.11.3 (2023-12-08) -------------------- - Add support for GitLab "/archive/" URLs in `url2purl`. package-url/packageurl-python#133
tdruez
added a commit
that referenced
this pull request
Feb 12, 2024
Signed-off-by: tdruez <tdruez@nexb.com>
netbsd-srcmastr
pushed a commit
to NetBSD/pkgsrc
that referenced
this pull request
Mar 3, 2024
0.14.0 (2024-02-29) ------------------- - Add support for getting golang purl from go import. aboutcode-org/purldb#259 - Fix the "gem" type in the README docs. package-url/packageurl-python#114
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
@pombredanne I see you've authored most of the recent commits. Sorry for the noise if you're not the right person to tag here.
My team has always generated purls for Ruby Gem packages that start with "pkg:gem/". This matches the official spec, which mentions "pkg:gem/" four times:
https://github.com/package-url/purl-spec/blob/master/PURL-SPECIFICATION.rst
The spec doesn't ever mention "pkg:rubygems/", but purl2url generates purls like this, and does not accept any purl like "pkg:gem/". To fix this, I make two small changes:
My opinion is that having two very similar purl types for the same package type is unnecessarily confusing to the users. I chose to standardize on "pkg:gem/" here when generating the purl since that's the example given in the spec. If "pkg:rubygems/" is the more correct option, I can open a PR to update the examples in the spec.
If multiple decorators won't work, or if you'd prefer to avoid backwards-incompatible changes, I could add a separate router that treats "pkg:gem/" as a completely new purl type. Then the existing code for "pkg:rubygems/" wouldn't need to change.
In general, I'm happy to make any changes you recommend. Thanks for your review.