Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Introduce ecosystem-independent all and none schemes #343

Open
wants to merge 8 commits into
base: master
Choose a base branch
from
Open

Introduce ecosystem-independent all and none schemes #343

Changes from 1 commit
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
3669b6e
add ecosystem-independent all and none scheme, fix some typos
immqu Nov 12, 2024
179e5ea
resolve tschmidtb51 comments
immqu Nov 14, 2024
964736c
fix double ticks
immqu Nov 15, 2024
bd6bd1c
add ecosystem-independent all and none scheme, fix some typos
immqu Nov 12, 2024
b9e9946
resolve tschmidtb51 comments
immqu Nov 14, 2024
01215fb
fix double ticks
immqu Nov 15, 2024
83b89e0
Merge branch 'master' of github.com:immqu/purl-spec
immqu Nov 15, 2024
37a98c6
Merge branch 'master' into master
immqu Dec 2, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
43 changes: 24 additions & 19 deletions VERSION-RANGE-SPEC.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -240,7 +240,7 @@ A list of versions, enumerated:

- ``vers:pypi/0.0.0|0.0.1|0.0.2|0.0.3|1.0|2.0pre1``

Additionally, all versions (or none) can be specified:
Additionally, all versions (or none) SHOULD be specified:

- ``vers:all/*``
- ``vers:none/*``
Expand Down Expand Up @@ -603,16 +603,30 @@ Some of the known versioning schemes
These are a few known versioning schemes for some common Package URL
`types` (aka. ``ecosystem``).

- **alpine**: Alpine linux https://gitlab.alpinelinux.org/alpine/apk-tools/-/blob/master/src/version.c
which is using Gentoo-like conventions.

- **cpan**: Perl https://perlmaven.com/how-to-compare-version-numbers-in-perl-and-for-cpan-modules

- **deb**: Debian and Ubuntu https://www.debian.org/doc/debian-policy/ch-relationships.html
Debian uses these comparators: <<, <=, =, >= and >>.

- **rpm**: RPM distros https://rpm-software-management.github.io/rpm/manual/dependencies.html
The a simplified rmpvercmp version comparison routine is used by archlinux Pacman.

- **gem**: Rubygems https://guides.rubygems.org/patterns/#semantic-versioning
which is similar to ``node-semver`` for its syntax, but does not use semver
versions.

- **gentoo**: Gentoo https://wiki.gentoo.org/wiki/Version_specifier

- **golang**: Go modules https://golang.org/ref/mod#versions use ``semver`` versions
with a specific minimum version resolution algorithm.

- **maven**: Apache Maven supports a math interval notation which is rarely seen
in practice http://maven.apache.org/enforcer/enforcer-rules/versionRanges.html

- **nuget**: NuGet https://docs.microsoft.com/en-us/nuget/concepts/package-versioning#version-ranges
Note that Apache Maven and NuGet are following a similar approach with a
math-derived intervals syntax as in https://en.wikipedia.org/wiki/Interval_(mathematics)

- **npm**: npm uses node-semver which is based on semver with its own range
notation https://github.com/npm/node-semver#ranges
A similar but different scheme is used by Rust
Expand All @@ -624,31 +638,22 @@ These are a few known versioning schemes for some common Package URL

- **pypi**: Python https://www.python.org/dev/peps/pep-0440/

- **cpan**: Perl https://perlmaven.com/how-to-compare-version-numbers-in-perl-and-for-cpan-modules

- **golang**: Go modules https://golang.org/ref/mod#versions use ``semver`` versions
with a specific minimum version resolution algorithm.

- **maven**: Apache Maven supports a math interval notation which is rarely seen
in practice http://maven.apache.org/enforcer/enforcer-rules/versionRanges.html
- **rpm**: RPM distros https://rpm-software-management.github.io/rpm/manual/dependencies.html
The a simplified rmpvercmp version comparison routine is used by archlinux Pacman.

- **nuget**: NuGet https://docs.microsoft.com/en-us/nuget/concepts/package-versioning#version-ranges
Note that Apache Maven and NuGet are following a similar approach with a
math-derived intervals syntax as in https://en.wikipedia.org/wiki/Interval_(mathematics)
TODO: add Rust, composer and archlinux, nginx, tomcat, apache.

- **gentoo**: Gentoo https://wiki.gentoo.org/wiki/Version_specifier

- **alpine**: Alpine linux https://gitlab.alpinelinux.org/alpine/apk-tools/-/blob/master/src/version.c
which is using Gentoo-like conventions.
Moreover, there are several versioning schemes that are independent from any specific ecosystem.

- **ecosystem-independent versioning schemes**: Several versioning schemes that are independent from any specific ecosystem are being developed. A very simple one is the generic *all* and *none* scheme which allows to specify that all (or none) of the versions are affected.
- **all**: a generic versioning scheme where every version is inside the range, i.e., all versions match. This is equivalent to `true`.
immqu marked this conversation as resolved.
Show resolved Hide resolved

- **generic**: a generic version comparison algorithm (which will be specified
later, likely based on a split on any wholly alpha or wholly numeric segments
and dealing with digit and string comparisons, like is done in libversion)

- **none**: a generic versioning scheme where no version is inside the range, i.e. no versions match. This is equivalent to `false`.

TODO: add Rust, composer and archlinux, nginx, tomcat, apache.

A separate document will provide details for each versioning scheme and:

Expand Down