Comments (7)
@lildude ah it's not bogus. This (😞 unanticipated but arguably correct) change in behavior is because licensed
no longer moves into the target directory before obtaining a commit SHA. Those SHA's that you're seeing are the linguist
commits that updated the submodules, not the SHAs of the individual submodules.
I don't think this is a bug.
from licensed.
This (😞 unanticipated but arguably correct) change in behavior is because licensed no longer moves into the target directory before obtaining a commit SHA. Those SHA's that you're seeing are the linguist commits that updated the submodules, not the SHAs of the individual submodules.
🤯 yup, definitely unanticipated, and sort of makes sense now you mention it.
I don't think this is a bug.
🤔 If this is expected, it means new licenses won't be picked up until submodule updates have been committed:
$ git submodule update --remote
remote: Counting objects: 4, done.
remote: Compressing objects: 100% (4/4), done.
remote: Total 4 (delta 3), reused 0 (delta 0), pack-reused 0
Unpacking objects: 100% (4/4), done.
From https://github.com/codemirror/CodeMirror
af3bd431..ab3e78af master -> origin/master
Submodule path 'vendor/CodeMirror': checked out 'ab3e78afb0bc7f0bf56a2038539b2853715e38aa'
Submodule path 'vendor/grammars/JSyntax': checked out 'daf9ff2cb011571825338b57c48b87fa8cca065d'
Submodule path 'vendor/grammars/MagicPython': checked out 'ad6bd6211944a1b24c6594fa75ee3b15f60d7559'
Submodule path 'vendor/grammars/NimLime': checked out 'd71fd1ae94a8597cec72445bc87c760497a9763c'
[...]
$
$ script/licensed | grep Caching
Caching licenses for linguist: <--- I'D EXPECT LICENSE CHANGE DETECTION HERE
$
$ git commit -am 'Updqte grammars'
[testing be906be4] Updqte grammars
38 files changed, 38 insertions(+), 38 deletions(-)
$
$ script/licensed | grep Caching
Caching licenses for linguist:
Caching atom-language-purescript (be906be46e9fbc94b1e7bcfd9bf53d060a4c14a4)
Caching language-apl (be906be46e9fbc94b1e7bcfd9bf53d060a4c14a4)
Caching quake (be906be46e9fbc94b1e7bcfd9bf53d060a4c14a4)
Caching sublime-MuPAD (be906be46e9fbc94b1e7bcfd9bf53d060a4c14a4)
Caching language-csound (be906be46e9fbc94b1e7bcfd9bf53d060a4c14a4)
Caching language-roff (be906be46e9fbc94b1e7bcfd9bf53d060a4c14a4)
Caching objective-c.tmbundle (be906be46e9fbc94b1e7bcfd9bf53d060a4c14a4)
[...]
$
This seems very counter-intuitive to me and is likely to lead to the assumption by many using a similar approach to us, that there has been no change to the license(s) until much later, possibly too late. Some may also not like the pollution of their history that comes from having to commit the submodule updates and then the license updates separately.
We're effectively in the same boat as the way Go dependencies currently work, which I note you implemented a workaround for as part of the change in #78 so I guess I'm going to need to do the same for Linguist and our custom source.
I'm not sure if or how this should be documented as I suspect we're in a unique position at the moment.
from licensed.
If this is expected, it means new licenses won't be picked up until submodule updates have been committed:
This seems very counter-intuitive to me and is likely to lead to the assumption by many using a similar approach to us, that there has been no change to the license(s) until much later, possibly too late.
IMO this is desired and how it should be working, at least when using the Git commit SHA as a version identifier. Having licensed pick up changes before they're committed into a repo sounds like a bug to me, as it doesn't necessarily reflect the state of the project that is distributed to others.
We're effectively in the same boat as the way Go dependencies currently work, which I note you implemented a workaround for as part of the change in #78
To be clear, that was not a workaround for submodules that are committed into the repo. That was a workaround for downloaded external projects that exist outside the repo.
I guess I'm going to need to do the same for Linguist and our custom source.
Sure. To be honest I'm not sure thats the correct thing to be doing as you're opening Linguist up to having mismatches between the committed submodule reference and whats in the license metadata.
from licensed.
To be honest I'm not sure thats the correct thing to be doing as you're opening Linguist up to having mismatches between the committed submodule reference and whats in the license metadata.
I'm not sure I follow how. Can you please elaborate.
From my experimenting this morning, having it this way means the cached license is tied to the version in the submodule SHA that we reference in Linguist. Both are committed to the repo at the same time as part of the slightly modified release process.
from licensed.
Can you please elaborate.
Sure! If someone were to update a submodule reference, cache license metadata then update a submodule reference again, there would be a mismatch.
I guess as long as the method of obtaining the submodule reference is consistent then licensed would complain about the metadata being out of date when checking metadata status.
🤔
from licensed.
@lildude theres now a source available for git submodules that will use the SHA of the submodule as the version string. With that source available then any manifest can and should continue to use commit SHAs for the root repo as opposed to the submodule.
👍 to close this issue?
from licensed.
👍 to close this issue?
👍 looks like it might do what I've implemented in Linguist. I'll look to update Linguist when I've got the bandwidth. Thanks for implementing this. 🙇 Closing.
from licensed.
Related Issues (20)
- Detecting a wrong package name for scipy 1.9.2 installed by pip HOT 7
- licenses (plural) key in gemspecs doesn't seem to be recognised? HOT 3
- False review_changed_license when release changed. HOT 3
- DEPRECATION NOTICE: Licensed will no longer ship a packaged EXE for future versions >= 4.0.0 HOT 2
- Licensed breaks under Bundler 2.4.1 due to dependency search change
- The `cache` command is not cleaning up stale license files HOT 2
- licensed v4.0.0 test failure in Homebrew HOT 4
- Cocoapods-core is incompatible with Rails 7 HOT 4
- Remove dep
- Go modules license detection seems off (possibly /v2) HOT 2
- Add support for pnpm as a source HOT 22
- Re-evaluate default Gradle configurations
- Allow users to manually curate paths to license content for a detected dependency
- Create cocoapods plugin for enumerating dependencies for licensed HOT 3
- Checksum-based review HOT 7
- How to list licenses from cache HOT 2
- Make licensed status detect dependencies that have been removed HOT 8
- Remove bower support
- Bug with gem bundle in subdirectory / Could not find optimist (3.1.0) in any sources
- Bug with pnpm in subdirectory (tries both npm and pnpm resolution?)
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from licensed.