Package URL (purl) for Eclipse Platform Plug-ins
We need to determine a reasonable form for purl identifiers for Eclipse Platform Plug-ins.
purl identifiers take the form: scheme:type/namespace/name@version?qualifiers#subpath
Maven uses the form: pkg:maven/org.eclipse.dash/org.eclipse.dash.licenses@1.0.3-SNAPSHOT?type=jar
More information here
so... maybe something like this:
pkg:p2/p2.eclipse.plugin/org.commonmark-gfm-tables@0.21.0.v20230927-1332
or
pkg:p2/p2.eclipse.plugin/org.commonmark-gfm-tables@0.21.0?qualifier=v20230927-1332
Note that a Package URL should refer to a single unambiguous thing. That is, we would have to be able to know how to actually find the corresponding artifact from just the identifier. It is common for each type to have a default repository. With no qualification, maven
type, for example, refers to Maven Central. When the content is available in another repository, the coordinates of that repository must be expressed.
So we could, for example, decide that p2
without qualification refers to the aggregate simultaneous release repository (this makes sense to me). We'll have to decide how to express the source when p2
content is taken from other repositories. I believe that implies that the repositories that we express in Package URLs will need to be durable (although that may not necessarily be the case).
/cc @mbarbero