Martin Prpič
@pombredanne I suppose nothing is preventing purl users from specifying the versioning scheme in a qualifier, e.g. `pkg:pypi/[email protected]?version_scheme=semver`. Given a set of these, you could order them and determine vulnerable...
Yikes, I totally forgot about this PR, sorry! @roygrssmn What's the point of a second file that is mostly identical to `pre-commit` but has a different name? You could probably...
> Hey @mprpic, you mean that `.commit-msg` calls the `.pre-commit` script? I'm saying if you'd like to use that script as a commit-msg hook as well you could instead just modify...
The Red Hat ecosystem is large and varied so we're still working out the kinks on how to best structure the data in the OSV schema, but it's in progress!...
Colons are explicitly not encoded for an unknown reason: https://github.com/package-url/packageurl-python/blob/f98abf0f3c295873e18f968ebd00138a02d63b25/src/packageurl/__init__.py#L71C40-L71C40 This line was added as part of commit d7be0209d00fefd819d27804b1ee536765e6509e, but there is no explanation as to why. This applies to...
@tomato42 Can you provide an example of what this would look like for some specific CVE and library? If I understand your description, you're proposing some formalized way to recognize...