use tufaceous ArtifactVersion for artifact versions #7832
Conversation
| "ArtifactVersion": { | ||
| "description": "An artifact version.\n\nThis is a freeform identifier with some basic validation. It may be the serialized form of a semver version, or a custom identifier that uses the same character set as a semver, plus `_`.\n\nThe exact pattern accepted is `^[a-zA-Z0-9._+-]{1,63}$`.\n\n# Ord implementation\n\n`ArtifactVersion`s are not intended to be sorted, just compared for equality. `ArtifactVersion` implements `Ord` only for storage within sorted collections.", | ||
| "type": "string", | ||
| "pattern": "^[a-zA-Z0-9._+-]{1,63}$" |
There was a problem hiding this comment.
Is the upper bound of 63 characters intended to prevent a hex-encoded 256-bit hash from being used, and if not, could we please increase it to 64? It seems to me that if we're going to allow freeform versions, we should accept arbitrary hashes of commonly used lengths, too.
There was a problem hiding this comment.
Is the upper bound of 63 characters intended to prevent a hex-encoded 256-bit hash from being used, and if not, could we please increase it to 64? It seems to me that if we're going to allow freeform versions, we should accept arbitrary hashes of commonly used lengths, too.
Ah so the upper bound comes from database storage -- we decided in today's update watercooler to bump the limit to 64. I'll land this for now, and then bump the limit in a future PR.
There was a problem hiding this comment.
Database schema updated in #7849.
sunshowers
deleted the
sunshowers/spr/use-tufaceous-artifactversion-for-artifact-versions
branch
Per RFD 557, we're making artifact versions a freeform identifier (unlike system versions, which are still semver). Make this change.
New TUF repo creation via
tufaceous assemblestill requires semver for artifact versions, to ensure compatibility with wicketd in v13. But there's an override for that available in tufaceous.