
Support OSSelot as a curation provider

Open sschuberth opened this issue 2 years ago • 1 comments

OSSelot is OSADL's "branding" of @OliverFendt's https://github.com/Open-Source-Compliance/package-analysis. With OSADL's backing that repository probably gets more traction, so we should consider adding it as a curation provider despite a few issues:

  • There is no API; curations are stored in tag-value (!) SPDX files. Also see https://github.com/Open-Source-Compliance/package-analysis/issues/20.
  • The repository focuses on curations for embedded (Linux) development. This means there usually is no package manager involved. As a result, many of the PURLs simply use generic as the type (see here, and click on "Show package URLs").
  • The use of generic means that download_url / vcs_url qualifiers are required to concretely identify packages. However, currently ORT does not take URLs into account when looking up curations, as only ORT package ids are used (this is actually being addressed as part of https://github.com/oss-review-toolkit/ort/pull/6387).

sschuberth, Jan 24 '23 13:01
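
An added illustration of the third point above (not code from ORT, OSSelot or the issue author): two `generic` purls that share name and version collide under a coordinates-only lookup and only separate once `download_url` / `vcs_url` are part of the key. The purls are constructed samples, the parser is simplified, and `id_key` / `url_aware_key` are hypothetical names for the two lookup strategies.

```python
from urllib.parse import unquote

# Constructed sample purls; hosts and package names are placeholders.
SAMPLE = [
    "pkg:generic/libfoo@1.0?download_url=https://example.org/libfoo-1.0.tar.gz",
    "pkg:generic/libfoo@1.0?download_url=https://example.net/fork/libfoo-1.0.tar.gz",
    "pkg:generic/bar@2.3?vcs_url=git%2Bhttps://example.org/bar.git%40v2.3",
]

def parse_purl(purl):
    """Split a package URL into components (simplified: no full spec validation)."""
    scheme, _, rest = purl.partition(":")
    if scheme != "pkg":
        raise ValueError("not a package URL: " + purl)
    rest, _, subpath = rest.partition("#")
    rest, _, query = rest.partition("?")      # qualifiers are split off first,
    path, at, version = rest.rpartition("@")  # so an '@' inside a URL value is safe
    if not at:                                # no version present
        path, version = rest, ""
    ptype, _, full_name = path.strip("/").partition("/")
    namespace, _, name = full_name.rpartition("/")
    qualifiers = {}
    for pair in filter(None, query.split("&")):
        key, _, value = pair.partition("=")
        qualifiers[key.lower()] = unquote(value)
    return {"type": ptype.lower(), "namespace": namespace, "name": name,
            "version": version, "qualifiers": qualifiers, "subpath": subpath}

def id_key(p):
    """Identity from coordinates only: type, namespace, name, version."""
    return (p["type"], p["namespace"], p["name"], p["version"])

def url_aware_key(p):
    """Coordinates plus the source-location qualifiers that pin down a generic purl."""
    q = p["qualifiers"]
    return id_key(p) + (q.get("download_url", ""), q.get("vcs_url", ""))

def build_index(purls, key):
    """Group purls by the chosen lookup key."""
    index = {}
    for purl in purls:
        index.setdefault(key(parse_purl(purl)), []).append(purl)
    return index

def ambiguous(index):
    """Keys under which more than one distinct purl would receive the same curation."""
    return {k: v for k, v in index.items() if len(v) > 1}

if __name__ == "__main__":
    print("coordinates only:", ambiguous(build_index(SAMPLE, id_key)))
    print("with URLs:       ", ambiguous(build_index(SAMPLE, url_aware_key)))
```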

> There is no API

By now there is, see https://wiki.osselot.org/index.php/REST. However, that "API" only gets us SPDX files in different formats.

sschuberth, Sep 25 '24 12:09