Conversation
Signed-off-by: Gergely Csatari <[email protected]>
Signed-off-by: Gergely Csatari <[email protected]>
| # https://stackoverflow.com/questions/57355929/what-does-incompatible-in-go-mod-mean-will-it-cause-harm | ||
| if "-" in purl_data.version: | ||
| version = purl_data.version.split("-") | ||
| if exp.match(purl_data.name): |
There was a problem hiding this comment.
What's the point of this check? Do go package names sometimes have v[0-9]+ in them? Why do we use the name in the download_url in that case?
There was a problem hiding this comment.
Maybe this check should actually be:
if len(namespace) >= 3:
There was a problem hiding this comment.
Oh, perhaps this check is looking for modules with backward incompatiable changes as explained here: https://go.dev/doc/modules/release-workflow
There was a problem hiding this comment.
Maybe the checks could instead be replaced by:
if len(namespace_parts) == 2:
return (
f"https://{namespace_parts[0]}/{namespace_parts[1]}/{purl_data.name}"
f"/tree/{version}"
)
else:
return (
f"https://{namespace_parts[0]}/{namespace_parts[1]}/{namespace_parts[2]}"
f"/tree/{version}"
)
I don't see the need for the regular expression check because the backwards incompatiable changes always occur at the 3rd portion of the namespace anyway right?
|
Thanks for all this. We are in the last leg of calrifying the encoding of namespace/name and version in the spec which is completely relevant for Go and I'll review this as soon as this is completed! |
3 participants
A very basic implementation for golang support. Supports most of the golang purls what I tested with, but not perfect.