taleodor commented on issue #614: URL: https://github.com/apache/tooling-trusted-releases/issues/614#issuecomment-3923033803
> The question we were trying to answer in this thread is: can we use TEA to give PURLs to components that don't have one?

I believe this should be solved within the PURL standard rather than TEA. Trying to inject TEA notations inside PURL creates potential for circular dependency.

Also, domain in TEA is always an authoritative domain where .well-known/tea is hosted and the one leading to TEA server. I believe, SCID proposal you linked introduces some confusion here, which should be sorted out within TC-54.

Also I'd like to note here, that TEI supports UUID-based resolution alongside PURL-based one (the demo video I linked above starts with that). In other words, if you're looking for TEA UUID-based resolution, it is possible to skip PURL entirely. However, this only has clear meaning within the TEA server context and wouldn't be useful for larger ecosystem (particularly, for things like CVE matching). In practice, we are actually using UUID-based TEIs for cases where it's impossible to come up with proper PURL. So this can be used as a stop-gap solution if there is no good PURL alternative.

> I'm curious, may I ask who you reached out to and when?

Sent you an email with details.

--
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
