Sebastian Schuberth
Sebastian Schuberth
As an unrelated side note, the directory structure looks wrong to me: Seems like Artifactory is taking the "/" from URLs as directory separators for the structure on the server......
> I want to share the same storage place for multiple projects to save scanning time of opensource libraries but I don't want to share the sensitive data as project...
> no attempt to download or scan the package's source code. Just to capture some thought's from today's Kotlin Dev meeting: Basically we already have the `skip_concluded` mechanism for this....
Maybe also have a look at https://github.com/Waldleufer/archproj-bmwteam of which our contributor @andreas-bauer has a fork.
FYI, there's been work started in the [bitbake branch](https://github.com/heremaps/oss-review-toolkit/tree/bitbake).
> are we trying to search for licenses of the metadata that is Yocto or the underlying software that is built with Yocto? The latter, IMO. Or more generically: We...
Let's leave the term "(end-)product" aside for a moment. It does not matter which *kind* of software you distribute (e.g. whether it's a product, SDK, or some tools that build...
For reference, I just learned that besides Double Open's original https://github.com/doubleopen-project/meta-doubleopen, there's also https://github.com/fossas/meta-fossa that might be worth looking at.
> 2\. Use polymorphism with the `Issue` class, so that it has additional properties. FYI, this roughly goes into the direction of https://github.com/oss-review-toolkit/ort/issues/4393.
> This can be done as a (larger) follow-up task, which has its own ticket. Mind creating such an issue (if it does not exist yet) so that we do...