-
Notifications
You must be signed in to change notification settings - Fork 308
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Separate authors and copyright holders #5504
Separate authors and copyright holders #5504
Conversation
49b52ec
to
c473180
Compare
Codecov Report
@@ Coverage Diff @@
## main #5504 +/- ##
============================================
- Coverage 72.70% 69.70% -3.01%
- Complexity 2045 2192 +147
============================================
Files 267 268 +1
Lines 14124 14897 +773
Branches 2109 2412 +303
============================================
+ Hits 10269 10384 +115
- Misses 2773 3427 +654
- Partials 1082 1086 +4
Flags with carried forward coverage won't be shown. Click here to find out more.
Continue to review full report at Codecov.
|
@porsche-rbieniek please have a look at the detekt issues. |
@porsche-rbieniek now the DCO checks fails because of a mismatch between the author and sign-off names: |
So many small details to get it right. I was really wondering why my sign-off's were failing |
94e418c
to
2429ef2
Compare
6af3b1c
to
9ec9f53
Compare
@porsche-rbieniek Something's got stuck with the GitHub actions apparently... please rebase once more onto origin/main and force-push to retrigger the checks. |
... and please add "Resolves #4519." to the commit message, too. |
d2718ff
to
a896ef5
Compare
model/src/test/kotlin/licenses/DefaultLicenseInfoProviderTest.kt
Outdated
Show resolved
Hide resolved
a896ef5
to
cbb331e
Compare
Changes implemented except CarthageTest. Here I would like to keep the test cverage and augment it by testing the authors as well. |
Hi guys, could you please gimme a hint why this seems to be stuck now? IMHO I implemented the changes requested to move forward |
@porsche-rbieniek will you make the changes according to the comments so that we can move it forward? |
cbb331e
to
7632134
Compare
Done all requested changes, we can proceed |
In German law, the author and the copyright holder can be two seperate legal entities and therefore also need to be treated separately. Introduce a new copyright holder field that is now the primary source for copyright holder information. Authors are still only used as copyright holders if the `addAuthorsToCopyrights` option is enabled. For now, all package manager implementations set empty copyright holders. Filling the copyright holder field is left as an exercise for future actions. Right now, the only way to add copyright holders is via curations. This change resolves oss-review-toolkit#4519. Signed-off-by: Rainer Bieniek <[email protected]>
7632134
to
86672b1
Compare
Dismissing approval after July 14th ORT developer meeting discussion, additional changes to this PR are needed.
While I couldn't join today's developer meeting, I believe we shouldn't try to do too many things at once. IMO the intermediate step, as done in this PR, should be to introduce |
@@ -167,13 +175,16 @@ data class PackageCurationData( | |||
* Merge with [other] curation data. The `comment` properties are joined but probably need to be adjusted before | |||
* further processing as their meaning might have been distorted by the merge. For properties that cannot be merged, | |||
* data in this instance has precedence over data in the other instance. | |||
* | |||
* TODO: Clarify semantics if setting an author os copyright holders replaces or augments any scan result value |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
"TODO: Clarify semantics about whether setting an author or copyright holders should replace or amend results from a scan."
As far as I understand this statement tries to argue against the changes agreed on in the developer meeting. |
I didn't yet have time to read through the meeting minutes, if that's what you mean. It seems like use-cases I've never heard of before popped up, and we're back to square one 😵 |
That's a misunderstanding on your side then. The agreement today was that only one trivial change needs to be added to the PR, which is renaming the introduced property IIRC from |
Hi @fviernau I wanted to clarify on the following:
I hope this clarifies. Regards, |
Hm, so it seems things have been perceived differently, e.g. in your view "There was no agreement in the developers meeting" . In my view, e.g. @mnonnenmacher requested to do #2 as part of the PR, which would contradict your point #2 and #3. Anyhow, what problem are you trying to solve @porsche-rishisaxena? Find an agreement how to move on with this PR? |
Could somebody please explain if there are now further changes required by me or not? I couildn't join the developer meeting due to a vacation on short notice and I am now totally lost in this discussion |
@porsche-rbieniek, let me take over this PR of yours, I'll get it merged. So please don't push to the branch anymore. |
@sschuberth Please don't merge it without my review, I was planning to update this PR today to be aligned with what was discussed in the ORT meeting. |
@sschuberth and @tsteenbe, since your are taking over the PR, to me the most important point is consistency in the handling of copyrights and licenses. Both can be declared in the metadata and detected in the source code, so the properties should use similar naming and the curation options should work in a similar way.
|
@mnonnenmacher I looked up if the most used package manager have a declared copyright holder filed and they don't.
|
Superseded by #5680. |
In German law, the author and the copyright holder can be two separate legal entities and therefore also need to be tracked separately. Introduce a new field for declared copyrights that is now the primary source for copyright holder information. Authors are still only used as copyright holders if the `addAuthorsToCopyrights` option is enabled. For now, all package manager implementations set empty declared copyrights. Filling the declared copyrights is left as a future exercise (also see [1]). Currently, the only way to add declared copyrights is via curations. This change resolves #4519. [1]: #5504 (comment) Signed-off-by: Rainer Bieniek <[email protected]> Signed-off-by: Sebastian Schuberth <[email protected]>
In German law, the author and the copyright holder can be two separate legal entities and therefore also need to be tracked separately. Introduce a new field for declared copyrights that is now the primary source for copyright holder information. Authors are still only used as copyright holders if the `addAuthorsToCopyrights` option is enabled. For now, all package manager implementations set empty declared copyrights. Filling the declared copyrights is left as a future exercise (also see [1]). Currently, the only way to add declared copyrights is via curations. This change resolves #4519. [1]: #5504 (comment) Signed-off-by: Rainer Bieniek <[email protected]> Signed-off-by: Sebastian Schuberth <[email protected]>
Similar to the `concludedLicense` field, introduce a `concludedCopyrights` field that is to be set exclusively via a package curation [1] to override any detected copyright statements. Note that there is no such thing as *declared* copyright statements because package managers do not support them explicitly [1]. The concluded copyrights will get associated to all effective licenses; there currently is no way to curate a copyright statement for a specific license only. Behavior-wise this is no change compared to previous feature of curating authors and enabling the `addAuthorsToCopyrights` option. As a bonus, this fixes a subtle bug where previously packages might have been skipped in the scan if `authors` were set but `addAuthorsToCopyrights` was disabled. Resolves #4519. [1]: #5504 (comment) [1]: https://github.com/oss-review-toolkit/ort/blob/main/docs/config-file-curations-yml.md Signed-off-by: Rainer Bieniek <[email protected]> Signed-off-by: Sebastian Schuberth <[email protected]>
Similar to the `concludedLicense` field, introduce a `concludedCopyrights` field that is to be set exclusively via a package curation [1] to override any detected copyright statements. Note that there is no such thing as *declared* copyright statements because package managers do not support them explicitly [1]. The concluded copyrights will get associated to all effective licenses; there currently is no way to curate a copyright statement for a specific license only. Behavior-wise this is no change compared to previous feature of curating authors and enabling the `addAuthorsToCopyrights` option. As a bonus, this fixes a subtle bug where previously packages might have been skipped in the scan if `authors` were set but `addAuthorsToCopyrights` was disabled. Resolves #4519. [1]: #5504 (comment) [1]: https://github.com/oss-review-toolkit/ort/blob/main/docs/config-file-curations-yml.md Signed-off-by: Rainer Bieniek <[email protected]> Signed-off-by: Sebastian Schuberth <[email protected]>
In German law, the author and the copyright holder can be two seperate
legal entities and therefore also need to be treated separately.
Introduce a new copyright holder field that is now the primary source
for copyright holder information. Authors are still only used as
copyright holders if the
addAuthorsToCopyrights
option is enabled.For now, all package manager implementations set empty copyright
holders. Filling the copyright holder field is left as an exercise for
future actions. Right now, the only way to add copyright holders is via
curations.
This change resolves #4519.
Signed-off-by: Rainer Bieniek [email protected]