Comments (6)
sschuberth
commented on July 2, 2024
@oss-review-toolkit/core-devs, how about if we simply add parent directory names as suffixes to the project name until the is unique?
from ort.
mnonnenmacher
commented on July 2, 2024
A couple of questions:
Do you propose this as a general solution or specific to Cargo?
Why add the directory names as suffixes and not prefixes? That seems unintuitive. I would rather prefix them and always take the full path, as it could otherwise be confusing. So for the example above use the names java/glide-rs and csharp/lib/glide-rs.
Should this always happen or only if there are conflicting names?
from ort.
sschuberth
commented on July 2, 2024
Do you propose this as a general solution or specific to Cargo?
As a general solution, see also the PIP case mentioned in the quoted TODO.
Why add the directory names as suffixes and not prefixes?
Because at the Cargo example, I find glide-rs-go / glide-rs-java to read nicer than go-glide-rs / java-glide-rs. (I probably should have said that I envisioned dashes instead of slashes as separators.)
Should this always happen or only if there are conflicting names?
Probably yes, as otherwise names could get unnecessary complicated.
from ort.
mnonnenmacher
commented on July 2, 2024
I kind of like this approach, however I'm not sure about the details. For example, this approach could be difficult for package managers that support project dependencies (e.g. Maven), because those references might break if we rename projects.
Could you maybe collect some more examples to show how the naming algorithm would work for repositories that are affected by this issue? That would be good input to further refine the idea.
from ort.
heliocastro
commented on July 2, 2024
Some insights here, are we aiming to a common global identification ?
Or if this is too much, maybe instead of dash could go to something like gradle representations:
glide-for-redis.go.glide-rs:0.1.0
Is this a little more logic considering that we have a better tracking from exact folder
from ort.
fviernau
commented on July 2, 2024
I kind of like this approach, however I'm not sure about the details. For example, this approach could be difficult for package managers that support project dependencies (e.g. Maven), because those references might break if we rename projects.
IIRC in GoMod it could be analog.
from ort.
Related Issues (20)
- [BUG] Cargo: submodules and local packages are being skipped HOT 3
- tests: Turn assets into resources HOT 1
- FossID: improve the error reporting when the credentials are wrong
- FossID: Scanner option `fetchSnippetMatchedLines` should be removed
- Docker image for version 22.3.0 does not contain the `scancode` executable anymore HOT 8
- Invalid expires attribute date on setting Cookies during Analyzer HOT 6
- Gemfile parsing for Bundler (Ruby) doesn't correctly take into account platforms (ruby, java etc.) HOT 9
- Consider using `testcontainers-git` to test authentication with Git servers
- Mention the ORT version the report was created with.
- Generated package configuration path excludes does not respect vcs path curations HOT 1
- Effective license of `BSD-3-Clause AND BSD-3-Clause`
- Support getting Node-related tooling versions from the `frontend-gradle-plugin` HOT 1
- Consolidate Scan Storages HOT 2
- package-curations: Allow adding arbitrary tags to packages HOT 12
- SSLHandshakeException with ClearlyDefined.io HOT 1
- Add "Black Duck" as advisor for known security vulnerabilities HOT 4
- Enable the reporting of known security vulnerabilities as Open VEX document HOT 1
- Document the precedence / behavior in case of multiple package configuration providers
- Automate the creation of how-to-fix hints for vulnerabilities
- Kotlin 2.0 and GradleInspector: Issues with variant selection HOT 7
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ort.