I had been thinking that we would use the git commit hash as a marker for uniqueness of a given plugin version, but there will be some situations where this doesn’t work.
What happens when a developer does multiple releases on GitHub based on the same commit hash from the source code?
What happens when a developer releases version 1.0.1, notices an issue and re-releases different code to fix the issue but still calls it 1.0.1?
The right thing to do in these cases is to create a new commit corresponding to the new release, and bump the version number for the fixed version, respectively, but not everyone will do this.
Should we be a bit more flexible about what a specific version number means, or should we block these situations from occuring?
I’m leaning towards the latter, which would mean that we link each version number to a commit hash and a zip file checksum (if the zip is released separately). This will guarantee that you know what you’re getting for a given plugin based on its version number, which is very useful once we get into dependencies.