Ecosyste.ms: Timeline

Browse the timeline of events for every public repo on GitHub. Data updated hourly from GH Archive.

oss-review-toolkit/ort

sschuberth created a comment on a pull request on oss-review-toolkit/ort
> In expected output like files yes, in files which are used only as input probably no. Hmm. I tried to find relevant purls with %-encoding by running git grep -El "pkg:.*%" | grep -vE "(e...


fviernau created a review comment on a pull request on oss-review-toolkit/ort
And the use case we have implemented: Detected copyright findings which do not have a nearby detected license they can be associated with, get associated with the "main" licenses of the package. An...


fviernau created a review on a pull request on oss-review-toolkit/ort


sschuberth created a tag on oss-review-toolkit/ort

37.0.0 - A suite of tools to automate software compliance checks.

fviernau created a review comment on a pull request on oss-review-toolkit/ort
The algorithm normally starts at the VCS path (node) of the package. Looks inside that node for license files. If found returns, if not, go up. Repeat until the root. The idea is: Normally the...


fviernau created a review on a pull request on oss-review-toolkit/ort


sschuberth created a review comment on a pull request on oss-review-toolkit/ort
From reading the test cases I thought that the use-case would be a more generic one: To check the licenses for any path, and the root directory (which implies the package license) only being a spec...


sschuberth created a review on a pull request on oss-review-toolkit/ort


fviernau created a comment on a pull request on oss-review-toolkit/ort
> Would "provenance resolution" mean that the Analyzer has scanned for dependency management files? Oh, I see. It's with the `project` sources, not with any of the `Package`s sources aka. depen...


fviernau created a review comment on a pull request on oss-review-toolkit/ort
How about renaming this to `ancestorPackageIds` or just `ancestorIds` ?


fviernau created a review comment on a pull request on oss-review-toolkit/ort
Should this additionally say: "Not adding $pkgId." ?


fviernau created a review comment on a pull request on oss-review-toolkit/ort
Is it necessary to use `analyze()` or could it use `resolveSingleProject()` for a simpler expected result file?


fviernau created a review comment on a pull request on oss-review-toolkit/ort
Could `parents` have a default value?


fviernau created a review on a pull request on oss-review-toolkit/ort


codecov[bot] created a comment on a pull request on oss-review-toolkit/ort
## [Codecov](https://app.codecov.io/gh/oss-review-toolkit/ort/pull/9327?dropdown=coverage&src=pr&el=h1&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=os...


fviernau created a review comment on a pull request on oss-review-toolkit/ort
> The term "main license" to me is more something that makes sense in the scope of a whole package, where you want to emphasize that some licenses are more important than others in that they refer ...


fviernau created a review on a pull request on oss-review-toolkit/ort


oheger-bosch opened a pull request on oss-review-toolkit/ort
feat(spdx): Deal with cycles in dependency relations
Circular dependency relations caused the SPDX package manager to run into a stack overflow. Avoid this by detecting cyclic dependencies and handling them gracefully.

sschuberth pushed 1 commit to main oss-review-toolkit/ort
  • deps: update ksp to v2.0.21-1.0.26 d169fae


sschuberth deleted a branch oss-review-toolkit/ort

renovate/ksp

sschuberth closed a pull request on oss-review-toolkit/ort
deps: update ksp to v2.0.21-1.0.26
This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [com.google.devtools.ksp:symbol-processing-api](https://goo.gle/ksp...

sschuberth created a review on a pull request on oss-review-toolkit/ort


wkl3nk created a comment on a pull request on oss-review-toolkit/ort
@fviernau wrote > can you confirm that the issue happens during provenance resolution? Would "provenance resolution" mean that the Analyzer has scanned for dependency management files? If yes, ...


fviernau created a review comment on a pull request on oss-review-toolkit/ort
Ok, I reproduced it. The code is indeed reachable: ``` yarn info --json [email protected] > /dev/null {"type":"warning","data":"package.json: \"test\" is also the name of a node core module"} {"t...


fviernau created a review on a pull request on oss-review-toolkit/ort


fviernau created a review comment on a pull request on oss-review-toolkit/ort
This is where the code comes from: https://github.com/oss-review-toolkit/ort/commit/fb7cdabb667492163ac380da142836005d2bf4c1


fviernau created a review on a pull request on oss-review-toolkit/ort


codecov[bot] created a comment on a pull request on oss-review-toolkit/ort
## [Codecov](https://app.codecov.io/gh/oss-review-toolkit/ort/pull/9326?dropdown=coverage&src=pr&el=h1&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=os...


fviernau created a review comment on a pull request on oss-review-toolkit/ort
I still have doubts that the error handling code path is used at all. We don't have any test using it, and more importantly, when the call to run does not throw the command has been executed succ...


fviernau created a review on a pull request on oss-review-toolkit/ort

