Skip to content

Kotlin Developer Meeting

Sebastian Schuberth edited this page Nov 11, 2024 · 143 revisions

This page hosts the agenda of Kotlin / deeply technical topics to be discussed by the core developers in a smaller round than the Community Meeting. If you want to contribute and have concrete technical questions, please ping us on Slack to get invited to the meeting.

Meeting Minutes

Future

2024-11-12

2024-11-05

2024-10-15

2024-10-08

  • Setting SPDX's licenseDeclared e.g. for Go dependencies that have no metadata?
    • Yes, based on RootLicenseMatcher.
    • Additionally, the analyzer could query the GitHub API for "repository declared licenses" (which are actually licenses detected by Licensee).
  • Should we have a "too many scan failures" heuristic for scanners? Also see this discussion.
    • Rather throw special exception from scanner implementation that generic heuristic on "client" side.
  • Used for backlog grooming ("Closed as part of backlog grooming. Feel free to comment if you would like to contribute to this.")

2024-09-24

  • Build ORT with Java 21
    • Postpone by at least one week to not cause migration efforts for this week's release, which contains important Bazel changes.
  • Remove SPDX document file analyzer in favor of making the package list helper-cli an analyzer.
    • No, still required by Bosch. Better do another implementation based on the new SPDX Java library, similar to a new SPDX reporter.
    • Also will be required by BitBake support.
  • Cleanup of teams.
    • Proposal: Consolidate "Committers", "Contributes" and "core-devs" to just "devs".

2024-09-17

  • Discuss how to best represent projects which are part of a "workspace" in the analyzer result. As Project or as Package. See also node managers.

2024-09-10

  • New API to download JDKs.
    • Expose version (and name) property to select JDK.
  • Remove NexusIQ.
    • 90 day deprecation notice first, ask in community meeting.
  • Work to maintain CVSS vectors.
    • Split severity into score and vector.

2024-08-27

2024-08-20

2024-07-15

2024-07-08 (skipped)

  • Skipped due to general unavailability of participants.

2024-07-01

2024-06-24

2024-06-17

2024-06-10

2024-06-03

2024-05-27

2024-04-29

2024-04-08

2024-01-29

2024-01-08

  • Scanner API improvements
    • Teach scanPackage about the configured sourceCodeOrigins.
    • Make the global scanner configuration accessible from scanner implementations.
  • Remove the SpdxExpression.licenses() function as it makes it too easy to do "dangerous" things?
  • Replace the ort-config's curation project with a script-based solution?
  • Allow key / value pair as license categories with arbitrary values, see this.

2023-12-18

2023-11-27

2023-11-20

2023-10-30

  • Where to apply default values for advisor configuration?
  • Align create(options: Options) implementations.
  • Get rid of double config nesting in ORT results for advisor / scanner configuration?
    • We should try to avoid constructs like val frontendUrl = ortResult.scanner?.config?.config?.get("DOS")?.options?.get("frontendUrl"), maybe by introducing a helper extension function (as a smooth transition to an interface-based API).

2023-10-09

2023-09-18

  • Maintain orthw and helper-cli in a single repo?

2023-09-04

2023-08-30

2023-08-21

2023-07-24

2023-07-17

2023-07-10

2023-07-03

2023-06-26

2023-06-19

2023-06-12

2023-06-05

2023-05-22

2023-04-17

2023-03-20

2023-03-06

  • New GoMod issue to look at.
  • How to move forward with (configurable advisor plugins)[https://github.com/oss-review-toolkit/ort/pull/6613]?

2023-02-26

2023-02-20

2023-02-06

2023-01-16

  • Separating & Re-applying curations for specific providers (see this comment)
  • Automated releases

2023-01-09

2022-12-19

2022-11-28

2022-11-21

2022-11-14

2022-11-07