Prefer artifact relationships over package relationships #556
Comments
|
Could we clarify the definition of "artifact" in the description? I just saw #555, and I like the cleanliness of that direction. I understood the new meaning of "artifact" to be things like "packages", "files", and "distro" — and not "relationships". And a goal of this issue is "Promote relationships as a first class artifact". Will relationships also appear as artifacts in the new design? |
|
@luhring the usage of artifact in goal 1 was unintentional --updated. |
|
From an offline conversation with @spiffcs : When it comes to forming/discovering/creating relationships, let's make the following assumptions:
|
Context
Today we capture only package-to-package relationships. It isn't possible to express things such as a file-to-package or file-to-file relationship.
The goals of this issue are:
artifactobjects raised by catalogers.To goal 1: catalogers today only raise
[]pkg.Package, which means that any relationships you are adding must be added after the cataloging step, after connectivity data may be missing (this is the case for most ecosystems). If the cataloger were to additionally return[]Relationshipit would allow the catalogers to be more expressive.To goal 2: Today's
pkg.Relationshipshould probably be promoted to a root-level package. This additionally implies that the existingpkg.IDwill need to be replaced with something more agnostic... with additional requirements that anything that wants to express a relationship with something else have an ID that works globally.This work is most likely coupled to how IDs are expressed in packages; that is, should they remain as UUIDs? or something more stable like a package fingerprint? See #363 for more details.
The text was updated successfully, but these errors were encountered: