continuous-clearing icon indicating copy to clipboard operation
continuous-clearing copied to clipboard
verified publisher icon siemens

SW360.'Source Code Download URL' for Debian packages should be the dsc file

Open ericbl opened this issue 1 year ago • 1 comments

For Debian packages, the tool seems to set the .orig.tar.gz file into the 'Source Code Download URL' field of SW360.

It should be the 'dsc' file.

Let's take an example (Siemens internal): https://sw360.siemens.com/group/guest/components/-/component/release/detailRelease/1fa4ed40b7e94fd2a5ffbd778499ca99#/tab-Summary refers to the libssh2 package. According to the author of that release, your tool was used in their workflow to create or upload the component on sw360. You see the orig.tar.gz set at 'Source Code Download URL'

The proper source file for that package is the corresponding dsc Setting the dsc is what Gernot's tool is doing.

Please adapt your tool to set the dsc file and NOT the orig.tar.gz here.

Generally speaking, cross testing should be done between tools to ensure they set the same data. See with Gernot for Debian specific topic, i.e. for Debian packages.

ericbl avatar Sep 17 '24 07:09 ericbl

Not sure if it's obvious which "Gernot" is meant, so in case of questions, feel free to contact me here or via Siemens channels. ;-)

gernot-h avatar Sep 17 '24 10:09 gernot-h

@ericbl Thanks for looking out our tool.

Will check with the Clearing team (@WagnerMarco ) and will adopt the changes accordingly.

sumanthkb44 avatar Oct 17 '24 10:10 sumanthkb44

@ericbl Thanks for the suggestions,

We had a discussion with @WagnerMarco & @gernot-h Will try to incorporate this in our feature release.

sumanthkb44 avatar Nov 27 '24 10:11 sumanthkb44