Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you please indicate why you think this value is missing? (I believe so far this mapping was limited keys which are actually used by package managers within ORT.)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
At Bosch, we have a package manager plugin for Debian.
It used previously
createPurl
and I plan to migrate totoPurl
following the merge of #7601.toPurl
calls thisgetPurlType
function.You wrote that
getPurlType
is meant to contains only package managers supported by ORT. In this case, we have a proprietary package manager plugin. How do you see it coexist with the rule you described in your comment ?There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actually, I didn't mean "is meant to" but I meant: it currently only contains values from the package managers in ORT.
ORT has a mechanism to plug-in package managers, but lacks a mechanism for plugging in logic related to the ecosystem that package manager uses, e.g.
Identifier.type
. In my view, that should be a plug-in as well for the exact same reason the package manager has been chosen to be a plugin. However, we do not have such mechanism yet.There are further places in the code which would need to be considered.
For example, OSV has a mapping from
Identifier.type
to OSV ecosystem constants. So, currently OSV cannot be used for plugin package managers which would require extension of that mapping.In my view, it would make sense to define start a dedicated
PackageManagagerPlugin
interface, which would contain (very roughly spkeaking):PackageManagerFactory.create()
What do other guys think? @oss-review-toolkit/core-devs
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Exactly. We had discussed that in past, and I have several branches on roughly that topic lying around (
identifier-types
,multiple-identifier-classes
) that also try to deal with the problem that a package manager's project type does not need to match with it package type(s).So for package manager that support multiple package types, like
Pub
, we'd even need a set of package types / PURLs / OSV ecosystem coordinates.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@sschuberth not sure if I get your point. Do you believe it's fine to add mappings for non-existing types now?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I was just amending to your API proposal more cases that we'd need to cover with such a new API.
Basically no, but the right way to do it would require a rather large refactoring, I believe. Not sure whether that's feasible to do (now). I guess we should discuss this in a Kotlin developer meeting.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
My 2 cents: for the time being I found a workaround so we can close this PR.
However this topic should definitively be discussed as it will surely arise again.