About two Rust PURL implementations #337
At Phylum, we wanted to transition away from a proprietary package identification scheme to PURL, and we had some problems with althonos/packageurl.rs (aka packageurl/packageurl.rs). @criminosis (a coworker) found that slashes were not being encoded the same as in package-url/packageurl-java, which was causing problems for us because we were using both implementations, and so he created althonos/packageurl.rs#6, although it turns out the real bug was package-url/packageurl-java#122. We ended up using a fork of althonos/packageurl.rs for a while so it would be consistent with the (broken) package-url/packageurl-java because of the lack of activity in the althonos/packageurl.rs repository. At the same time, we were having problems with multiple implementations of our own proprietary package identification scheme and inconsistent name normalization that was causing alignment problems with data from different sources, especially PyPI, so we were really focusing on getting the name normalization correct. We decided that, rather than trying to take over maintainership of althonos/packageurl.rs, we would create our own implementation and transition towards using that. I think there may have been some specific reasons why we started a new implementation instead of trying to revive the old one, but I don't remember them. Compared to althonos/packageurl.rs:
@matt-phylum about https://github.com/package-url/packageurl.rs vs. https://github.com/phylum-dev/purl ... I would be interested to get your take on the difference between the two?