Add missing values to resolved configuration #7453
Comments
mnonnenmacher
added
enhancement
Add an option to use only the resolved configuration from the ORT result file instead of the configuration from the local ORT config directory. In the first iteration this only affects package configurations and resolutions. Support for package curations will be added later. Additional resolved configurations can be supported once implemented in ORT [1]. The goal of this feature is to be able to use the ORT Workbench as a replacement for a generated report. Currently this is not the case, as the local configuration can be different to the one used be the ORT tools which can lead to inconsistencies. Note that currently not all screen update correctly when the setting is changed, for example the package details screen needs to be reloaded to show the changes and all filters are reset. This will be addressed in later commits. [1]: oss-review-toolkit/ort#7453 Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@gmail.com>
This file can historically be massive. Before including this into the resolved configuration, I'd like to re-evaluate whether the copyright garbage feature is still required at all. My hope would be that by now ScanCode has improved so much that practically no garbage is recognized as copyright statements at all, or that such garbage would implicitly be discarded by ORT as it cannot be associated to any nearby license. |
I believe it would be great if we could solve #4519 frist. |
Add an option to use only the resolved configuration from the ORT result file instead of the configuration from the local ORT config directory. In the first iteration this only affects package configurations and resolutions. Support for package curations will be added later. Additional resolved configurations can be supported once implemented in ORT [1]. The goal of this feature is to be able to use the ORT Workbench as a replacement for a generated report. Currently this is not the case, as the local configuration can be different to the one used by the ORT tools which can lead to inconsistencies. Note that currently not all screen update correctly when the setting is changed, for example the package details screen needs to be reloaded to show the changes and all filters are reset. This will be addressed in later commits. [1]: oss-review-toolkit/ort#7453 Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@gmail.com>
With "applied copyright garbage" I mean to only store the part which was actually used. |
Add an option to use only the resolved configuration from the ORT result file instead of the configuration from the local ORT config directory. In the first iteration this only affects package configurations and resolutions. Support for package curations will be added later. Additional resolved configurations can be supported once implemented in ORT [1]. The goal of this feature is to be able to use the ORT Workbench as a replacement for a generated report. Currently this is not the case, as the local configuration can be different to the one used by the ORT tools which can lead to inconsistencies. Note that currently not all screen update correctly when the setting is changed, for example the package details screen needs to be reloaded to show the changes and all filters are reset. This will be addressed in later commits. [1]: oss-review-toolkit/ort#7453 Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@gmail.com>
Should we also consider resolving all package configurations already at the analyzer stage? Currently, that happens only at the evaluator stage. |
The analyzer does not know the resolved provenance, so that is not possible. The earliest point where this could be done would be the end of the scanner run. |
|
Based on a discussion on Slack I have created the following proposal. If we agree that this should be implemented, it should probably be done before working on this issue and adding more data to the resolved configuration: So far we have resolved the configuration at the latest possible time (e.g. the resolutions in the evaluator). This could result in inconsistencies between the exit codes of one tool and the results of another if they used different input, for example different resolutions.
The commands could have options to re-resolve parts of the resolved configuration if that is required for the orthw workflow (or there could be a separate command for that to simplify the others at the cost of having to run two commands). |
The
ResolvedConfigurationcurrently only stores package configuration, package curations, and resolutions. This is not enough to ensure that consistent reports can be created from the ORT result file.Add the following properties:
addAuthorsToCopyrightsNote that complete consistency cannot be achieved because some values like the license file archives cannot be included in the ORT result file.
Also see this comment: #6188 (comment)
The text was updated successfully, but these errors were encountered: