package-analysis
Check for package-feeds pubsub `SchemaVer` field in Scheduler
The package-feeds project now validates & versions its package data output against a JSON schema: https://github.com/ossf/package-feeds/blob/main/package.schema.json
The SchemaVer should follow semantic versioning; as such, any minor 1.* release should guarantee compatibility for the current Scheduler expectations (Name, Version, Type). Any major version bump could signal incompatibility (see https://github.com/ossf/package-feeds/issues/93 for example); as such, this value should be checked before blindly accessing the current fields.
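One way to gate on the major version before the fields are used, as an added example that is not part of the original issue or the project's code. The JSON key names, the `feedPackage` type, `decodePackage` and the sample message are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// supportedMajor is the schema major version this consumer was written against.
const supportedMajor = 1

var errIncompatibleSchema = errors.New("incompatible schema major version")

// feedPackage holds the fields named in the issue; the JSON keys are assumed.
type feedPackage struct {
	Name      string `json:"name"`
	Version   string `json:"version"`
	Type      string `json:"type"`
	SchemaVer string `json:"schema_ver"`
}

// decodePackage rejects a message unless its SchemaVer major matches supportedMajor.
func decodePackage(data []byte) (*feedPackage, error) {
	var p feedPackage
	if err := json.Unmarshal(data, &p); err != nil {
		return nil, fmt.Errorf("decoding message: %w", err)
	}
	if p.SchemaVer == "" {
		return nil, errors.New("message carries no schema version")
	}
	major, err := strconv.Atoi(strings.SplitN(p.SchemaVer, ".", 2)[0])
	if err != nil {
		return nil, fmt.Errorf("malformed schema version %q", p.SchemaVer)
	}
	if major != supportedMajor {
		return nil, fmt.Errorf("%w: got %q", errIncompatibleSchema, p.SchemaVer)
	}
	return &p, nil
}

func main() {
	// Constructed sample message, not captured from the real feed.
	msg := `{"name":"left-pad","version":"1.3.0","type":"npm","schema_ver":"2.0.0"}`
	_, err := decodePackage([]byte(msg))
	fmt.Println(err)
}
```

Failing closed on a missing or unparseable version keeps a producer-side schema change from being silently misread as valid package data.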
Thanks for the heads-up!