Alex Goodman

To add on to this, this implies that we need better ways to express cataloging configurability. That is, today we catalog "packages" under the packages command, and this allows us...

responding about the cataloger configuration (tackling in a odd order here): 1. I do have hesitations about the specific names I suggested above (with "manifest" and "installation"). It was the...

@luhring , I think you're right for the meantime if we exposed per-cataloger enable/disable functionality it's probably a good idea to keep that to configuration for the meantime and discover...

A note that wasn't mentioned in this comment thread explicitly was what commands would be added to the syft CLI and which would be removed. ``` syft ... # default...

I'm going to split out the configuration suggestions into it's own issue. That means this issue is only about deprecating the `packages` and `power-user` Suggested work: - Remove `power-user` command...

There is an alternative path here which is worth taking a closer look at. The notarization path only needs to be run on mac, and there are other tools that...

From refinement: 1. Possible solution: we could move the release process to a linux box, remove signing from the goreleaser process, post a draft release with unsigned mac assets, spin...

I think this was intended for anchore/syft , I'll transfer there. Regarding the specific issue, in short, I agree. Originally our package IDs in the syft-json format were random IDs,...

Thanks @developer-guy I'll push up the existing artifacthub-repo.yaml --I'll hold off on adding the repository ID (for publisher verification) until we get this transferred 👍

The work proposed in #32 aims to deduplicate packages in a way where the same package found in multiple locations would be listed as a single package and have multiple...