Add SwiftURL ecosystem. #188

Merged
merged 2 commits into from
Aug 2, 2023

Contributor

@oliverchang oliverchang commented Jul 28, 2023

Per

https://developer.apple.com/documentation/packagedescription/package/dependency
https://docs.swift.org/package-manager/PackageDescription/PackageDescription.html#package-dependency

Putting "URL" in the name to make this consistent with how it's actually defined using Package.Dependency.

There are some changes coming as part of https://github.com/apple/swift-evolution/blob/main/proposals/0292-package-registry-service.md, and we'll likely need to define a new ecosystem for that once it's finalized, as it looks like the identifiers are moving to a Scope.Name format.

Fixes #170.

@oliverchang
Contributor Author

@darakian PTAL :)

@darakian
Contributor

darakian commented Jul 28, 2023

I think we should add some language about versioning

https://docs.swift.org/package-manager/PackageDescription/PackageDescription.html#package-dependency-requirement
states

> The version rule requires Swift packages to conform to semantic versioning. To learn more about the semantic versioning standard, visit semver.org.

My understanding is that there is no hard enforcement of that requirement
github/advisory-database#460 (comment)
but perhaps stating something like unless otherwise specified versions conform to semver 2.0 would work

Otherwise 👍

Add info on versioning. 

Signed-off-by: Oliver Chang <oliverchang@users.noreply.github.com>
@oliverchang oliverchang reopened this Jul 31, 2023
@oliverchang
Contributor Author

> I think we should add some language about versioning
>
> https://docs.swift.org/package-manager/PackageDescription/PackageDescription.html#package-dependency-requirement states
>
> > The version rule requires Swift packages to conform to semantic versioning. To learn more about the semantic versioning standard, visit semver.org.
>
> My understanding is that there is no hard enforcement of that requirement github/advisory-database#460 (comment) but perhaps stating something like unless otherwise specified versions conform to semver 2.0 would work
>
> Otherwise 👍

Thanks for the additional context @darakian ! I just added a sentence on versions being git tags that conform to Semver 2.0. Judging by the thread you linked it seems like the only reasonable approach is to just ignore all non-SemVer versions, and I think the current wording suffices there.

@darakian
Contributor

I'm not going to go as far as saying it's the ONLY reasonable course, but I've got no complaints on assuming semver 2.0 for all advisories in the ecosystem. 😄

@oliverchang
Contributor Author

Yeah, but I do think it's the only practical approach. Without strict or well defined versioning schemes, we can't do much other than making older/non-conforming versions out of scope.

@chrisbloom7 WDYT?

Collaborator

@chrisbloom7 chrisbloom7 left a comment

LGTM 🙇🏻

@oliverchang oliverchang merged commit 6e94f9c into main Aug 2, 2023
2 of 3 checks passed
@oliverchang oliverchang deleted the swift branch August 2, 2023 22:33
Successfully merging this pull request may close these issues.

Add SwiftRepo / SwiftURL ecosystem.