On Jul 19, 2016 2:37 AM, "Nick Coghlan" <[email protected]> wrote:
>
> On 18 July 2016 at 02:56, Wes Turner <[email protected]> wrote:
> > If you have an alternate way to represent a graph with JSON, which is
> > indexable as RDF named graph quads and cryptographically signable
> > irrespective of data ordering or representation format (RDFa, JSONLD) with
> > ld-signatures,
> > I'd be interested to hear how said format solves for that problem.
>
> It doesn't, but someone *that isn't PyPI* can still grab the data set,
> throw it into a graph database like Neo4j, calculate the cross
> references, and then republish the result as a publicly available data
> set for the semantic web. That way, the semantic linking won't need to
> be limited just to the Python ecosystem, it will be able to span
> ecosystems, as happens with cases like npm build dependencies (where
> node-gyp is the de facto C extension build toolchain for Node.js, and
> that's written in Python, so NPM dependency analysis needs to be able
> to cross the gap into the Python packaging world) and with frontend
> asset pipelines in Python (where applications often want to bring in
> additional JavaScript dependencies via npm rather than vendoring
> them).
>
> Given that we already have services like libraries.io and
> release-monitoring.org for ecosystem independent tracking of upstream
> releases, they're more appropriate projects to target for the addition
> of semantic linking support to project metadata, as having one or two
> public semantic linking projects like that for the entirety of the
> open source ecosystem would make a lot more sense than each language
> community creating their own independent solutions that would still
> need to be stitched together later.

So, language/packaging-specific subclasses of e.g.
http://schema.org/SoftwareApplication and native linked data would reduce
the need for post-hoc parsing and batch-processing.

There are many benefits to being able to JOIN on URIs and version strings
here.

I'll stop now because OT; the relevant concern here was/is that, if there
are PyPI-maintainer redirects to other packages, that metadata should
probably be signed (and might as well be JSONLD, because this is a graph of
packages and metadata). And there should be a disclaimer regarding
auto-following said redirects.

Also, --find-links makes it dangerous to include comments with links.

#PEP426JSONLD

>
> Cheers,
> Nick.
>
> --
> Nick Coghlan | [email protected] | Brisbane, Australia
_______________________________________________
Distutils-SIG maillist - [email protected]
https://mail.python.org/mailman/listinfo/distutils-sig
