Episode 121: Package Metadata Working Group with Andrew Nesbitt and Damián Vicino

9 snips

Oct 16, 2025

Andrew Nesbitt, an open source developer focused on package ecosystem sustainability, teams up with Damián Vicino, an experienced open source practitioner, to discuss the creation of the Package Metadata Working Group. They dive into the complexities of package manager metadata, including interoperability issues and the nuanced meanings of identical field names. The conversation also emphasizes how standardized mappings can benefit developers and researchers alike, while inviting new contributors to join their initiatives.

Ask episode

AI Snips

Chapters

Transcript

Episode notes

INSIGHT

Metadata Interoperability Is Broken

Package metadata lacks interoperability across ecosystems, creating heavy mapping work to normalize fields like name, description, license, and dependencies.
Standardizing mappings or documenting patterns reduces duplicated effort for SBOMs, researchers, and tool builders.

ANECDOTE

Mapping Registries To One Schema

Andrew described building mappings across many registries to normalize fields into a single schema for his ecosystems project.
He used registry APIs and source code to translate varied responses into a unified database for sustainability and security analysis.

ADVICE

Start By Mapping Current Practices

Document the current state of package manager fields and expected values before proposing changes or specs.
Use that map to produce pragmatic recommendations and examples rather than rigid, immediate enforcement.

Get the Snipd Podcast app to discover more snips from this episode

Get the app

Thank you to the folks at Sustain for providing the hosting account for CHAOSSCast!

CHAOSScast – Episode 121

In this episode of the CHAOSScast, host Alice Sowerby sits down with Andrew Nesbitt and Damián Vicino to discuss the formation and objectives of the new Package Metadata Working Group within the CHAOSS community. They discuss the complex issues surrounding package manager metadata, its interoperability challenges, and how the working group aims to address these through mapping and standardization efforts. They also touch upon the importance of these efforts for various stakeholders, including developers, researchers, and tool builders. The conversation highlights both the immediate and long-term goals of the group and provides information on how interested individuals can get involved. Hit download now to hear more!

[00:00:26] Introductions from Alice, Andrew, and Damián.

[00:02:36] Damián explains how the Package Metadata Working Group started.

[00:04:33] Andrew shares his experience building mappings across multiple package registries and how differing field names, schema structures, and metadata definitions complicate consistency.

[00:10:21] Alice asks about the group’s short and long term objectives and Andrew outlines some immediate goals.

[00:14:52] Damián elaborates on challenges in semantics and timelines. He emphasizes that even identically names fields may carry different meanings and shares an example.

[00:18:46] Alice summarizes Damián’s point saying the group’s role is to provide guidance and analysis rather than enforce standards, helping maintainers make informed metadata decisions.

[00:19:25] Andrew adds that most package managers evolve independently without referencing past ones. The working group’s documentation aims to prevent repeated mistakes and guide new ecosystems toward interoperable designs.

[00:23:06] Damián notes that modern software projects often depend on multiple ecosystems, making license tracking and dependency management exponentially harder without interoperability.

[00:25:02] Andrew explains how researchers waste time rebuilding metadata mapping from scratch across ecosystems and having unified references would accelerate research and tool development.

[00:27:58] Damián discusses how better metadata could support academic credit and funding by enabling easier citation and recognition of open source contributions tied to research projects.

[00:29:39] How can you get involved? Damián invites package manager developers and metadata tool builders to join, and Andrew encourages anyone working with SBOMs or package metadata tools to contribute war stories, mapping, or research use cases.

[00:33:01] Andrew mentions all the places you can join in on the meetings and to share where you are interested in working on.

Value Adds (Picks) of the week:

[00:35:25] Alice’s pick is apples.
[00:36:17] Damián’s pick is hockey.
[00:37:04] Andrew’s pick is puppy training.

Panelist:

Alice Sowerby

Guests:

Andrew Nesbitt

Damián Vicino

Links:

CHAOSS

CHAOSS Project X

CHAOSScast Podcast

CHAOSS YouTube

podcast@chaoss.community

Alice Sowerby LinkedIn

Andrew Nesbitt Website

Andrew Nesbitt GitHub

Andrew Nesbitt Mastodon

Damián Vicino LinkedIn

Damián Vicino GitHub

CHAOSSWG: Package Metadata

CHAOSS Calendar

CHAOSS Slack

Special Guests: Andrew Nesbitt and Damián Vicino.

Support CHAOSScast