OCI type: is version required?

[MarkLodato]

The text currently says:

The version is the [...] and is required to uniquely identify the artifact.

Does that mean that the field is REQUIRED, and the "to uniquely identify the artifact" is explaining why it's required? Or is it only required if you want to uniquely identify the artifact?

To clarify, I suggest either:

• The version is REQUIRED and is the [...]. This is needed to uniquely identify the artifact.
• The version is the [...]. It SHOULD be specified to uniquely identify the artifact.

If it is actually the first version, I strongly suggest making it optional. oci is the only type where version is required, and the spec even says "version: the version of the package. Optional". In some cases it is necessary to describe a package with a floating label where the hash is not yet resolved.

[itaysk]

the spec already says it's optional for all types:

version: the version of the package. Optional.

[johnmhoran]

Hi @MarkLodato . I don't know what the language of the oci type definition was when you opened this issue, but right now, the definition does not include the term "required":

The version is the sha256:hex_encoded_lowercase_digest of the artifact and is used to uniquely identify the artifact.

Ah, looking at blame, I see the language was updated via PR 432 by @p-rog, merged on 2025-03-27. If that PR fully addresses your concern, can you please close this issue?

[MarkLodato]

Yes, PR 432 addressed the issue. Thank you.