Open
Description
This problem actually is associated with multiple AboutCode projects, but the impact is most apparent to the DejaCode user. A recent import of an SBOM to a product in DejaCode resulted in the creation of 3 different package definitions for pkg:github/pypa/[email protected] each with a different download URL. A subsequent search for [email protected] turned up 2 older package definitions for pkg:pypi/[email protected] each with a different download URL. We don't have a problem of duplicate packages here, but the PURLs are not well defined and should contain additional details to differentiate them:
- The 2 pypi packages should have a file_name qualifier.
- The 3 github packages should have a subpath value.
Screenshot of the 5 [email protected] packages attached.
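
A sketch of the check this report implies, added here as an example and not taken from DejaCode or any AboutCode project: it groups package records by PURL, flags any PURL that maps to more than one download URL, and proposes a `file_name` qualifier for the pypi entries. The package names, URLs and function names are constructed, and deriving `file_name` from the last path segment of the download URL is an assumption.

```python
import posixpath
from collections import defaultdict
from urllib.parse import quote, unquote, urlsplit

# Constructed sample records (hypothetical names and URLs, not the issue's packages).
PACKAGES = [
    ("pkg:pypi/examplepkg@1.2.3", "https://files.example.org/p/examplepkg-1.2.3.tar.gz"),
    ("pkg:pypi/examplepkg@1.2.3", "https://files.example.org/p/examplepkg-1.2.3-py3-none-any.whl"),
    ("pkg:github/exampleorg/examplepkg@1.2.3", "https://git.example.org/exampleorg/examplepkg/archive/1.2.3.tar.gz"),
    ("pkg:github/exampleorg/examplepkg@1.2.3", "https://git.example.org/exampleorg/examplepkg/archive/1.2.3.zip"),
    ("pkg:pypi/otherpkg@0.9", "https://files.example.org/p/otherpkg-0.9.tar.gz"),
]


def ambiguous_purls(packages):
    """Return {purl: sorted download URLs} for every purl that maps to more than one URL."""
    urls = defaultdict(set)
    for purl, download_url in packages:
        urls[purl].add(download_url)
    return {purl: sorted(found) for purl, found in urls.items() if len(found) > 1}


def with_file_name(purl, download_url):
    """Add a file_name qualifier taken from the last path segment of the download URL.

    Assumes the input purl carries no qualifiers yet; an existing subpath is kept last.
    """
    name = unquote(posixpath.basename(urlsplit(download_url).path))
    if not name:
        raise ValueError(f"no file name in {download_url!r}")
    base, hash_mark, subpath = purl.partition("#")
    if "?" in base:
        raise ValueError("purl already has qualifiers")
    return f"{base}?file_name={quote(name, safe='')}{hash_mark}{subpath}"


def disambiguate(packages):
    """Map each download URL of an ambiguous purl to a proposed purl.

    None means the URL alone cannot decide it (github: the subpath has to come from the scan).
    """
    proposals = {}
    for purl, urls in ambiguous_purls(packages).items():
        for url in urls:
            is_pypi = purl.startswith("pkg:pypi/")
            proposals[url] = with_file_name(purl, url) if is_pypi else None
    return proposals
```

The github entries come back as `None` because an archive URL does not say which directory inside the repository the package refers to, so the subpath has to be supplied by whatever produced the SBOM entry.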
