support multiple repositories

[MangoIV]

Summary

it would be good to have the Advisory type point back to the repository it stems from; reason being that

1. we would like to refer to an advisory by an URL
2. we would like to be able to have more than one source for the URL

[frasertweedale]

We are referencing the Hackage namespace. In most cases, the package description contains a reference to the repository.

In cases where it does not and a repository URL is known, I suggest using the existing references field, with reference type PACKAGE, pointing to the repo.

[MangoIV]

Oh no I mean multiple repositories for security advisories, sorry!

[frasertweedale]

@MangoIV ok, thanks for clarifying. If I understand, we want the advisory data (or exported formats, e.g. OSV), to point back to content in this repo?

[MangoIV]

@MangoIV ok, thanks for clarifying. If I understand, we want the advisory data (or exported formats, e.g. OSV), to point back to content in this repo?

yes; the idea would be that some independent entity could host their own set of security advisories and if a user so wishes, they can opt in to that repository as well and still, given an advisory, find its origin.