Package URL to be standardised as ECMA standards - should we converge? #1144

bact opened this issue Nov 7, 2024 · 1 comment

@bact
Collaborator

bact commented Nov 7, 2024

Since SPDX 3.0.1 (to be published in the near future) makes use of the Package URL (using our own copy of the spec, because of the need to "freeze" the version for ISO submission purposes), we may have to be aware of the standardisation and maybe try not to diverge on the way forward.

https://ecma-international.org/task-groups/tc54-tg2/

Scope:

Ecma TC54-TG2 is chartered with the standardization of Package URL (PURL). The scope of this task group will include:

  • PURL specification: development and maintenance of the PURL standard, which provides a clear and concise method for identifying packages across various package management systems.
  • VERS specification: establishment and standardization of VERS, a specification designed to consistently represent version ranges, providing a uniform approach to managing version constraints across different programming environments and package managers.
  • PURL types: standardization of PURL types, which categorize packages by their respective package management systems, ensuring that PURL remains flexible and comprehensive in covering various types of packages.

Community interaction and review: Engage with the software development community to gather feedback, review new PURL type requests, and ensure the PURL specifications remain relevant and effective in addressing the needs of package management systems and software developers.

@zvr
Member

zvr commented Nov 7, 2024

We know of this effort, and we never planned to "diverge" from what was publicly available.

If the ECMA group results in something different than what was defined in the GitHub repo, we would have to live with it, till the next version of SPDX.

@goneall goneall added this to the 3.1 milestone Nov 14, 2024