Wayne Beaton
Wayne Beaton
The following line from a `go.sum` file: `golang.org/x/sys v0.0.0-20220406163625-3f8b81556e12 h1:QyVthZKMsyaQwBTJE04jdNN0Pp5Fn9Qga0mrgxyERQM=` Is currently transformed into: `go/golang/golang.org%2Fx/sys/v0.0.0-20220406163625-3f8b81556e12` It should be: `go/golang/x/sys/3f8b81556e12` This then maps to source found at a specific commit in...
I'm thinking that we work from the Gemfile.lock, but haven't gotten much further than this. It looks like Ruby has a gem that can provide dependency information. The Gemfile.lock appears...
"Works with" dependencies are a type of dependency that does not require full scrutiny of the IP Team. Often-times, these dependencies are not under open source licenses or are under...
For Eclipse Plug-ins, the groupid the GAV for third party dependencies is different from the original. Generally, this is because the content has been pulled into Eclipse Orbit and is...
Based on a cursory look, JCommander seems much simpler and provides validation. Consider switching.
To support Golang, we need to document a means of extracting dependency information out of a go build and converting it into ClearlyDefined content Ids. If sensible and necessary, we...
When one uses the `dependencies:list` feature, the output includes some blank and header lines. For example: ``` The following files have been resolved: none The following files have been resolved:...
Passing values (e.g. the settings, and logging) around via constructors is cumbersome. Further, things like the ContentIdParsers should be configurable and extendable (e.g., the FlatFileReader constructor hardcodes the parsers that...
We should be able to map content in a p2 repository to ClearlyDefined identifiers. For example, a `content.xml` file has entries like this: ``` ... ... ``` Which we can...
Run the tool on the tool during Maven build.