aboutcode-toolkit icon indicating copy to clipboard operation
aboutcode-toolkit copied to clipboard

Published 20 hours ago verified publisher icon nexB

Add new attributes for curations

Open AyanSinhaMahapatra opened this issue 2 years ago • 6 comments
trafficstars

Adds two new attributes:

  • deployed_resource
  • is_curated

These are used to curate resources in deployed code.

Reference: https://github.com/nexB/scancode.io/issues/834

AyanSinhaMahapatra avatar Sep 27 '23 09:09 AyanSinhaMahapatra

@AyanSinhaMahapatra and @pombredanne Can you elaborate a bit what is the different between the about_resource and deployed_resource and what is the value of it (in another word, why is it needed)? From your example

about_resource: elasticsearch
deployed_resource: elasticsearch-2.3.4.jar
is_curated: yes

Is the above referencing a directory named elasticsearch, and the file elasticsearch-2.3.4.jar inside the elasticsearch directory is deployed. I think the ABOUT file should only reference the "metadata" (i.e license/copyright/info etc.) of the file/component/package itself instead of it deployment status. Imagine the development team use the same codebase for multiple products while one deploy the elasticsearch-2.3.4.jar and others don't? Would that create confusion (or extra work)? I am not against this, but I would like to clarify the need of this attributes

chinyeungli avatar Sep 27 '23 22:09 chinyeungli

Is the intent for deployed_resource to describe the name of the component when it is deployed as opposed to denoting that it is Deployed in a particular context?

mjherzog avatar Oct 26 '23 23:10 mjherzog

Oh... so is it referring something like ?

about_resource: zlib
deployed_resource: libz.so

chinyeungli avatar Oct 26 '23 23:10 chinyeungli

Can you elaborate a bit what is the different between the about_resource and deployed_resource and what is the value of it (in another word, why is it needed)?

In the context of d2d, we are now also using ABOUT files to map to resources on the deployed side, as curations.

https://github.com/nexB/aboutcode-toolkit/pull/539#issuecomment-1782042919 is correct, here ABOUT files which are there in the development codebase side-by-side with the files is different from curation ABOUT files, which are there also in the developement codebase in a location where the code is being built from, but maps to the deployed side. Some examples are patched jars, specific resources built from other sources and other packages. To be able to distinguish between these two types of ABOUT files we need the is_curation attribute. See also https://github.com/nexB/scancode.io/issues/834

Now we are using patterns to map to deployed resource paths, and this is also different from the about_resource field in the ABOUT spec as this is resources in the deployed side, and not present side-by-side in the devel codebase. We are currently using about_resource temporarily to have these patterns, until this spec change is accepted. But this is incorrect both because of the above reason, and that the about_resource spec does not support patterns for now.

The example doc here can be improved to explain more on this all right, let me add that too. See also:

  • https://github.com/nexB/scancode.io/pull/982
  • https://github.com/nexB/scancode.io/pull/810

Is the intent for deployed_resource to describe the name of the component when it is deployed

Yes. And also the location where it is deployed through patterns (for now atleast, we can use checksums too later), so we map it correctly.

AyanSinhaMahapatra avatar Oct 27 '23 04:10 AyanSinhaMahapatra

We need to discuss this more.

pombredanne avatar Nov 01 '23 15:11 pombredanne

@AyanSinhaMahapatra and I had a session and came up with this update approach https://github.com/nexB/scancode.io/issues/834#issuecomment-1892012130

This would mean adding a new optional attribute called codebase that would state which codebase the ABOUT file applies to, with values of development, deployment

pombredanne avatar Jan 15 '24 11:01 pombredanne