Sebastian Schuberth

icon indicating a website link https://www.doubleopen.org/

icon company CTO of @doubleopen-project icon location Berlin, Germany icon location A Kotlin enthusiast who's enjoying to work with and on Open Source Software.

Results 1563 comments of Sebastian Schuberth

Scanner freezes when using ClearlyDefined as a scan storage provider

> Looking up results for 'Maven:com.github.junrar:junrar:7.5.2'. Just using that single artifact in `ClearlyDefinedStorageFunTest` still passes. So it's not a matter of a specific artifact being used, but a sum of...

Q&A: Analyzer fails to authenticate with Artifactory when downloading artifacts (http-401)

> Downloading these artifacts via cURL works fine, when I provide username / password. Are you using exactly the same URL as the ORT analyzer for this check? Because I...

Q&A: Analyzer fails to authenticate with Artifactory when downloading artifacts (http-401)

> Could this be related to the `invalid cookie` messages? Could be. Looks like this is more or less a [know issue with the Apache HTTP client](https://stackoverflow.com/a/40697322/1127485) that the Maven...

Allow to curate copyrights directly (not via authors)

> @rbieniek do you want to take over that branch of mine? Ping @porsche-rbieniek and @porsche-rishisaxena as a reminder to move this forward.

Allow to curate copyrights directly (not via authors)

> Porsche solution submitted as #5315 Please associate issues with PRs by using one of the respective [keywords](https://docs.github.com/en/issues/tracking-your-work-with-issues/linking-a-pull-request-to-an-issue#linking-a-pull-request-to-an-issue-using-a-keyword) in one of the commits in the PR instead of manually adding...

cli: Replace log4j2 with logback

@porsche-rbieniek, while waiting for [your references about why Logback is the better logging framework](https://github.com/oss-review-toolkit/ort/wiki/Developer-Meeting#2022-06-30), I came across [this performance comparison](https://blog.sebastian-daschner.com/entries/logging-performance-comparison) which does not make Logback look all that good compared...

cli: Replace log4j2 with logback

Something that's also worth considering in the choice of our logging implemenation is Graal compatibility. Esp. [Log4j2 seems to have issues there](https://github.com/oracle/graal/issues/2008), unfortunately 😞

cli: Replace log4j2 with logback

Superseded by https://github.com/oss-review-toolkit/ort/pull/5673.

Reimplement NuGet support

As a general reference, FOSSA has published a nice write-up about [Managing Dependencies in .NET](https://fossa.com/blog/managing-dependencies-net-csproj-packagesconfig/); while I haven't read through all of it yet, maybe there's some valuable information for...

Reimplement NuGet support

FYI, [Nexus IQ](https://help.sonatype.com/iqserver/analysis/nuget-application-analysis) relies on https://github.com/CycloneDX/cyclonedx-dotnet to capture transitive dependencies in NuGet projects.