
Propose 1.0 Milestone

Open stevespringett opened this issue 7 years ago • 6 comments

There are many pull requests that need to be merged and unanswered questions among some of the issues.

The security industry is in the process of fully adopting PackageURL, with OWASP and Sonatype already supporting it, and others joining. However, we need to come to an agreed-upon 1.0 release, and that means setting a target date and addressing some of the test suite issues and specification questions.

I'm open to having regularly scheduled calls (Webex, etc.) to sort some of this stuff out.

stevespringett, Sep 05 '18 20:09

What kind of changes are permitted before the 1.0 release?

adg, Oct 24 '19 02:10

@stevespringett let's try to schedule some remote meeting in early December

pombredanne, Nov 25 '19 15:11

@adg you wrote:

What kind of changes are permitted before the 1.0 release?

There are no hard and fast rules. See also my reply to @robpike in #67

pombredanne, Nov 25 '19 15:11

@pombredanne will you be coordinating?

stevespringett, Nov 26 '19 16:11

Bumping this for visibility.

I propose to ratify the specification and syntax independently of PURL types. The syntax of the spec should not change and we should be cementing that. However, we should also be flexible enough to ratify existing defined PURL types and formally reserve future ones, even if the details of future PURL types haven't been worked out yet.

stevespringett, Mar 27 '20 19:03

I agree @stevespringett that the general shape of a purl (aka The Spec) is separate from a given type syntax. That said, do we need to consider any inherent versioning of the spec or the types before 1.0? I'm struggling to think of a good example but thought it worth asking.

brianf, Apr 01 '20 20:04