Sebastian Schuberth
Sebastian Schuberth
> 1\. Ambiguous `VcsInfo` source I'm not sure I follow here about what the "ambiguity" is. Let me start by saying that I believe the properties to be documented correctly...
> Would that be something that needs to be fixed before our provenance implementation? IMO, no. > Sounds like the two are only indirectly related. IMO, yes.
I agree this issue needs refinement. I'll try to come up with a mock-up as IMO more UI changes are required to nicely display what we're interested in.
This issue was briefly discussed as part of backlog grooming. The `severeIssueThreshold` was originally introduced for the CLI tools (and their resulting exit status) to be able to configure from...
For reference, output looks like this: ``` ============================ Installed ORT Plugins ============================ ------------------------------ Advice Providers ------------------------------- Nexus IQ (id: NexusIQ) An advisor that uses Sonatype's Nexus IQ Server to determine...
> I wasn't even aware of the `--list=plugins` option. It's even documented 😉 https://github.com/oss-review-toolkit/ort/blob/a9e964edcdb00501ac58e1fe36b314a2bad9a30c/cli/src/main/dist/plugin/README.md?plain=1#L3 > So would you prefer to extend the output of that option or to have the...
So, to avoid any confusion, should this PR also remove `--list=plugins` from `ort requirements`?
Not a strict requirement, but when creating a new / refactored Git implementation around the `git` CLI, it could also make sense to look into https://github.com/oss-review-toolkit/ort/issues/4668 again in that context.
Maybe this is a good opportunity to give https://github.com/hfhbd/kfx with https://public.vulnerablecode.io/api/schema/ a try.
@pombredanne just disclosed to me that in 3-6 months there'll probably be a v3 of the API. So while current v2 is supposed to be much faster than v1, it's...