Philippe Ombredanne
Philippe Ombredanne
## Short Description This is a process where software team run decentralized scans and federate their data in a centralized DejaCode and PurlDB ## **Possible Solution/Implementation Details** 
The license notice of https://github.com/rspamd/rspamd/blob/f0c4d32740df0019673bc706c6004373a2a39220/contrib/aho-corasick/acism.c was recently updated by adding an Apache notice with https://github.com/rspamd/rspamd/commit/14c13854d3cae9d93c3d148be30fb72f1eaffe55.... I am not sure it is possible to do so? IMHO, it may be best...
We should define a package type for ASF projects (Apache Software Foundation) The spec mentioned originally `apache for Apache projects packages`. The direction may be to use `asf` rather than...
Sometime, a package may have a lot of resources (say a Linux kernel with 70K files). It is not ideal to have these 70K rows listed at once in the...
If I have a project with over (1,048,576 - 1) resources, loading this in LibreOffice will lead to silent truncation because it goes over 1,048,576 maximum rows of LibreOffice. It...
The Declared license expression (SPDX) is not updated in d2d with ABOUT files if only the scancode license expression is available. We should always compute that "Declared license expression (SPDX)"...
I would like to Track the ABOUT file used to map a package in a d2d so I could check if this was already ABOUT mapped with and ABOUT file...
This is useful to track and curate packages independently of their locations. Here the key would be the PURL. See also: - https://github.com/nexB/aboutcode-toolkit/issues/562
We should design a better renaming convention that adding a clone suffix when cloning a project. Rather than always adding clone, what about creating a version suffix? like v1, then...
We should ensure that rerunning some pipeline/step does not crash. For instance, rerunning the about file mapping in a d2d pipeline should be OK.