Comments (2)
AdamMajer
commented on May 29, 2024
In this case, maybe only -devel packages should be presented. There should be a discriminator between linked vs. used. So things like libtool or gcc doesn't mean it's linked, but adding openssl-devel headers probably is a good indicator that openssl-devel is linked against.
from cavil.
kraih
commented on May 29, 2024
There is much more to it. Cavil itself has no real concept of packages or even projects. Those are just sources for it to get code from to scan and analyse. To give you the correct license report of a BuildRequire we would need to know the exact context in which the package will be built at the time it will be built (dependencies will get updated all the time too, so everything is in constant flux).
And then there's the problem that Cavil tries to resolve links to the devel projects to reduce duplicates. That means our data is not at all equipped to resolve dependencies currently. At best we could give estimates, or a list of all possible versions of a dependency package, and then you'd have to sort through them to find the right one. But it would be pretty sketchy for a proper legal review.
from cavil.
Related Issues (20)
- One click UI for creating new patterns
- Make priorities more visible for open reviews HOT 1
- Position dropdown menu for managing patterns dynamically
- Ignore snippet everywhere does not work
- Full test coverage for the main review process HOT 1
- Optimize daily cleanup
- decline requests if they report an "Error" HOT 3
- Files with extremely long lines of text HOT 2
- Add UI for removing globs again
- Inconsistent risk assessments
- Inconsistent patterns without license HOT 2
- Support LicenseRef- prefix in specfiles HOT 1
- Inconsistent license capitalisation
- Bring back ordering for ui tables
- RFE: Speeding up license correction HOT 2
- LegalDB report should use license definitions acceptable by obs-service-format_spec_file HOT 2
- Flagging changes authored by AI HOT 1
- Review correction ui
- UI for reviewing ML classification HOT 1
- Encoding error when generating SPDX reports
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cavil.