Sebastian Schuberth

Thanks @prabhu for your offer to help. I believe it would be beneficial to first understand more about the capabilities of the different tools, maybe also not limited to ORT...

`Bootloader-exception` is an exception to a license, not a license on its own, and thus must not stand alone. It can only be the second operand to the `WITH` SPDX...

Closing this in favor of https://github.com/oss-review-toolkit/ort/issues/8052.

> Currently, the license choice is applied to the "effective license", which is done as follows. Just a nit about the wording, but isn't the effective license the *result* of...

To clarify, I would have more expected something like (closed && closedAt == null) || (closedAt != null && Instant.parse(closedAt).isAfter(time)) or even just closedAt != null && Instant.parse(closedAt).isAfter(time) However, both...

Also see the probably related https://github.com/oss-review-toolkit/ort/security/code-scanning/3152 hint.

> he current implementation gives priority to the `closed` flag and assumes that if it is _false_, the issue is still open and can thus not be fixed in any...

FYI, this is the way it's currently implemented for Maven: https://github.com/oss-review-toolkit/ort/blob/eb34b0dd11ee08ddbb537aa3c7eb54ecb7ff5bd7/analyzer/src/main/kotlin/managers/utils/MavenSupport.kt#L305-L321

> [pnpm ](https://pnpm.io/cli/patch)and [Yarn](https://yarnpkg.com/cli/patch) both have patching functionality, which at least indicated a modified package. Now that you mention it, for Conan we have implemented something similar: https://github.com/oss-review-toolkit/ort/blob/ab808c98ed9abc2aad8e323500edfc24ba4c55aa/plugins/package-managers/conan/src/main/kotlin/Conan.kt#L324

FYI, there's a new IntelliJ plugin from JetBrains called [Writerside](https://plugins.jetbrains.com/plugin/20158-writerside) which might become useful here.