KDE and packageurl
Albert Astals Cid
aacid at kde.org
Thu Mar 5 00:30:59 GMT 2026
El dijous, 5 de març del 2026, a les 1:03:45 (Hora estàndard d’Europa
central), Aleix Pol va escriure:
> On Wed, Mar 4, 2026 at 5:46 PM Albert Astals Cid <aacid at kde.org> wrote:
> > Hello,
> >
> > At FOSDEM I talked with someone that is working on packageurl and he
> > suggested it would be nice if KDE adopted it.
> >
> > What is package url?
> >
> > "PURL introduces a standardized URL-based syntax that uniquely identifies
> > software packages"
> >
> > Example:
> > pkg:deb/debian/curl at 7.50.3-1?arch=i386&distro=jessie
> >
> > https://packageurl.org/
> > https://tc54.org/purl/
> > https://github.com/package-url/purl-spec/blob/main/README.md
> >
> > I guess one should say something like
> >
> > pkg:kde/okukar at 25.12.2?qualifiers
> >
> > And then for qualifiers we would have to think what to do, do we care only
> > about tarballs? Or do we want to include all the binary packages we
> > support? I guess if it has to be "unique" it should include the binary
> > packages too.
> >
> > Do we see any value in adopting it?
>
> From a Plasma Discover standpoint, we have been using appstream urls
> to identify apps. Uses of packages themselves in the software are
> slowly getting faded out because they are of little use to end-users.
> https://freedesktop.org/software/appstream/docs/sect-AppStream-Misc-URIHandl
> er.html
>
> In the end, for apps there's normally only one version that matters
> which is the stable one and one architecture that matters which is the
> one you are running.
>
> It could make sense to offer such package urls I guess, but I don't
> really know where though :D. KDE Neon?
I think one place that was mentioned is so that folks can univocally point to
packages in all the SBOM thing (and possibly vulnerabilities too).
Cheers,
Albert
>
> Best,
> Aleix
More information about the kde-devel
mailing list