Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

purl for Ubuntu ESM? #388

Open
dodys opened this issue Feb 4, 2025 · 0 comments
Open

purl for Ubuntu ESM? #388

dodys opened this issue Feb 4, 2025 · 0 comments
Labels
type: deb

Comments

@dodys
Copy link

dodys commented Feb 4, 2025

For Ubuntu releases that are LTS (Long Term Support), after 5 years you have the ESM (Expanded Support Maintenance) period. The repository for ESM is different from the repository for the LTS period, e.g.:
https://archive.ubuntu.com/ubuntu/dists/
https://esm.ubuntu.com/infra/ubuntu/dists/ (for main packages)
https://esm.ubuntu.com/apps/ubuntu/dists/ (for universe packages)

Currently there are two possibilities, from my point of view, to support ESM in purl:

  1. We specify ESM through the distro parameter, which is what we are temporarily doing until we get to a conclusion here.
    For example:
    pkg:deb/ubuntu/[email protected]+dfsg-1ubuntu0.1~esm1?arch=source&distro=esm-apps/bionic
    https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-18838.json#L23

    And that would mean that only tools that convert purl ids into actual URLs to understand what is the ESM entries there.

  2. We would need to use a different namespace or repository_url instead for ESM. That also means that tools would need to understand this new namespace.

Thoughts? Preferences?
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
type: deb
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dodys @johnmhoran