Sebastian Schuberth

At least for `setup.py`-based projects, there *might* be *hints* which Python version to use. For example, the classifiers may contain something like classifiers=[ "Programming Language :: Python", "Programming Language ::...

Ping @pombredanne, being the Python guy here, do you have any good idea how to solve this problem?

> Note that pip now uses this bundled resolver https://github.com/sarugaku/resolvelib Does `pip` really use that library as-is? I thought I read somewhere that it's rather the other way around, with...

> Actually that's not really an advantage when we do static analysis. Except that you can more easily use the same Python libraries / functions as `pip` itself when parsing...

Yet another option would be to assign an artificial unique project id for the second project, like by using the parent directory name / path to the VCS root as...

Just double-checking with @mnonnenmacher: This is basically like *scan*-by-repo (with has been merged in the form of the experimental scanner interfaces), but *analyze*-by-repo, right?

> Can we move on with this change? Any blockers you see? I believe you didn't address @tsteenbe's [comment from here](https://github.com/oss-review-toolkit/ort/pull/5472/commits/bf17275f13096b6a569854387cbac9e7acbe2ced#r912748091) yet.

Very much related to https://github.com/oss-review-toolkit/ort/issues/2852 for declared licenses.

Maybe a project from https://github.com/android/ndk-samples can be used for testing.

And maybe https://github.com/autonomousapps/dependency-analysis-android-gradle-plugin implements some ideas that we could reuse (also ping @mnonnenmacher).