I chatted with Philippe Ombredanne about Package URLs, or PURLs. He created them, so he knows a thing or two.
We do complain about CPE quite a bit :)
But it's a really hard problem. It feels like a package identifier should be easy, but it's way harder than you think it is. There's nobody better than Philippe to drop some knowledge.
https://opensourcesecurity.io/2025/2025-06-purl-philippe-ombredanne/
Re: «deficiencies of "package URLs" (#purl) and how they still don't actually work to identify all and every project»
PackageURLs aren't really suitable for identifing _projects_ (a hard task when taking into account how names change depending on context, history and more).
They _are_ suitable for identifying _packages_ – and if you're not in the business of producing, distributing, curating, consuming, verifying or referring to packages, then yes, purls will be of limited use! 😃
Understanding the PURL Specification (Package URL)
https://fossa.com/blog/understanding-purl-specification-package-url/
#HackerNews #Understanding #PURL #Specification #Package #URL #PURL #FOSS
🇺🇦 #NowPlaying on #KEXP's #PacificNotions
Purl:
🎵 Waking Up
https://purl.bandcamp.com/track/waking-up
https://open.spotify.com/track/0vVukp65edtuVyaQaXN6Xe
🎶 show playlist 👇
https://open.spotify.com/playlist/6iDfAS4fe0RJYA6CWTyzvq
🎶 KEXP playlist 👇
https://open.spotify.com/playlist/6VNALrOa3gWbk794YuIrwg
@CVE_Program @adulau @pombr I quote: "VulnCon 2025: One submission has been made for a panel on “Software Identity and the Vulnerability Management Ecosystem,” covering topics like CPE and Purl. That's not from me, but it could be! 👍 (will be there - remotely)
🚀 Exciting news: Socket is now part of TC54! We're joining forces to help shape the future of SBOMs, CycloneDX, and PURL, making software supply chains more secure & transparent.
https://socket.dev/blog/socket-joins-tc54 #SBOM #CycloneDX #PURL #cybersecurity
@MobileMaggie Thanks! Yeah #permalinks are great, and IMO https://perma.cc/ is great for institutional archiving.
Of course, if a #DOI exists, the URL itself could be a permalink, and there's even an official DOI URL shortener:
And for items without a DOI, the @internetarchive maintains a Persistent URL (#PURL) service:
https://blog.archive.org/2016/09/27/persistent-url-service-purl-org-now-run-by-the-internet-archive/
#PersistentIdentifiers #openResearch #OpenScience #openScholarship
The OWASP CycloneDX team will be well represented at @fosdem.bsky.social ! We'll talk in the Security dev room and the SBOM dev room. Find us if you want to chat about CycloneDX, PURL, TEA or other CycloneDX projects. #SBOM #CYCLONEDX #TEA #PURL @cyclonedx.bsky.social @owasp.org
@awinkler @librerli @stabi_berlin Der resolver ist unser #pURL Resolver. Die verwendete ID dort ist spezifisch für diesen Dienst und wir bei uns nirgendwo sonst genutzt (natürlich finden sich die #pURLs in unseren Nachweissystemen). Der Resolver wird natürlich weiterbetrieben und es werden auch weiterhin neue #pURLs für Digitalisate vergeben.
Purl - Stillpoint (Full Album 2015)
https://dalek.zone/videos/watch/4b98835a-a47e-44e7-9864-d35e5eef2abe
If you were writing a book of knitting patterns, and the patterns were all for yoke-style sweaters, the perfect title doesn't exi-
WINNER: Olga Putano, "Only Yoking"
#OnlyYoking #OlgaPutano #knitting #pattern #TopDown #YokeStyle #jumper #book #top #down #seamless #yoke #sweater #patterns #knit #purl #pearl too #gauge #swatch #circular #needles #definitely #maybe #magic #loop
14/
By #InternetArchive ( https://mastodon.archive.org/@internetarchive/113349650637331168 ):
https://blog.archive.org/2024/10/21/internet-archive-services-update-2024-10-21/
"services will have limited availability as we continue maintenance"
"We stand with all libraries that have faced similar attacks—British Library, Seattle Public Library, Toronto Public Library, and Calgary Public Library—and with the communities we serve"
By @textfiles
https://mastodon.archive.org/@textfiles/113342937735712879
A key service still offline: the global Persistent URL system (#PURL, https://en.wikipedia.org/wiki/Persistent_uniform_resource_locator#History) https://purl.org/
@acka47 @joerglohrer hat auf nostr berichtet das #purl.org down ist. https://hostux.social/@dderigo/113312462486010060 verbindet das mit der Attacke aufs Internet Archive. Weißt du da mehr? Die audience verweise im amb sind davon auch betroffen
1/
Thoughts after a cyberattack to @internetarchive (the #WaybackMachine seems to be back read-only)
Facts:
- https://mastodon.archive.org/@internetarchive/113290094683712789
- By @brewsterkahle: https://mastodon.archive.org/@brewsterkahle/113304263804387160
- Among the key services, the global Persistent URL system (#PURL, https://en.wikipedia.org/wiki/Persistent_uniform_resource_locator#History) is still offline: https://purl.org/
Disturbing how this seems to align with other attempts to cancel key parts of the digital memory of our age. So, part of our culture
On the #InternetArchive:
https://help.archive.org/help/where-does-my-donation-go/
This is from a couple years ago - he's in college now - kidding; I presented it w/ a toy taxicab car. It's his taxicab dispatcher sweater vest, complete w/ a set of stackable yellow & black buttons, to play checkers on the back!
#knitwear #designer #no #patterns #ever #knitting #cable #stitch #taxicab #dispatcher #child #sweater #vest #red #light #big #buttons #blue #epaulets #checker #board #reverse #knit #purl #cute #kid #toy #car #needles #ribbing #collar #pick #up #stitches #yarn #gauge
Did some knitting this summer after a long break. These are oversized bookmarks for framing. The border will say “In case of reading emergency, break glass”.
#reading #emergency #break #glass #case #frame #wall #book #time #knit #pattern #texture #cable #basket #weave #purl #pearls too
Love this. Do your guage swatches, you will learn much, grasshopper.
By Franklin Habit, for Lion Brand Yarns.
#devils in the #details #knit #your #guage #swatches #knitting #project #pattern #size #inches #feet #measure #purl #pearl too #cable #garter #stitch #what #size #needles #lion #brand #LionBrand #yarn #swatch, #grasshopper, & #learn...
