Sebastian Schuberth
Sebastian Schuberth
@MNesche even after read the description again, I'm still unclear what a "subcomponent" actually is, and what defines it. Is any arbitrary set of files that happen to have the...
So, a license detected in a root `LICENSE` file is not a "main" license? Quite odd, IMO. Also, this still leaves the question open to me how many non-main subcomponents...
> Well, guess we'd have to discuss your question about the License-file in a root with a lawyer to get a bulletproof reply ;). Actually, IIRC it was @LeChasseur who...
> From my understanding, the declared license is the main license of a package, because the developer declared to make the package public under this License. ORT uses the term...
> The same applies to the COPYING file, or if such LICENSE or COPYING file does not exist, the README. Agreed. That basically matches what we already have [here](https://github.com/oss-review-toolkit/ort/blob/d1fa585a58d17d814904dd121c9cef3f40b7c8b4/model/src/main/kotlin/config/LicenseFilePatterns.kt#L53-L70) (file...
Hi @de-jcup, ORT core maintainer speaking here 😄 In general, I feel that SecHub and ORT share several ideas about being platforms to integrate security / compliance checks at. Maybe...
I realize #99 might be a bit related, though I do not want to write to a file.
Yeah, though a Mordant log appender which would allow you to redirect all log output e.g. to a Mordant table cell / panel would really be nice, I guess.
Just chiming in here to say that IMO this feature should not be limited to "monorepos" strictly. Actually, in pretty much any Gradle multi-project that publishes per-project artifacts, I believe...
I'm also interested in such examples, esp. in best practices for `file`-typed components `name` fields: The spec's description to use > The name of the component. This will often be...