Comments (6)
@ottokruse-sd this would be great indeed.
One thing that is a tad difficult when doing summaries is decide at which level to summarize....
- a simple approach is to provide a top level summary for the whole scan, which is straightforward and concise in most cases for licenses, but can be a tad long if you were to do the same on bare copyrights (and this would be better on to do on copyright holders only, ignoring years and such).
- a more involved approach would to provide smarter summaries at various level of the scanned code tree hierarchy.
- a natural summary point is when we detect a package such as an RPM, a tarball, JAR, NPM, etc (which is a new feature under development in the develop branch)
- or find or infer summary point in the tree based on actual scan results. For instance if all files in a directory share the same license and copyright holders, that directory becomes a good summary point.
So what would be your take on this?
from scancode-toolkit.
I do not think we need a summary of copyrights, what we need is a top level summary of license contained in the package scanned.
OTTO KRUSE
Engineering Program Manager
ARRIS
o: +1 858-404-2429
c: +1 858-342-3623
e: [email protected]:[email protected] <-- Note Change
This electronic transmission (and any attached document) is for the sole use of the individual or entity to whom it is addressed. It is confidential and may be attorney-client privileged. In any event the Sender reserves, to the fullest extent, any "legal advice privilege". Any further distribution or copying of this message is strictly prohibited. If you received this message in error, please notify the Sender immediately and destroy the attached message (and all attached documents).
From: Philippe Ombredanne [mailto:[email protected]]
Sent: Thursday, September 03, 2015 2:21 PM
To: nexB/scancode-toolkit
Cc: Kruse, Otto
Subject: Re: [scancode-toolkit] Add Summary Feature (#68)
@ottokruse-sdhttps://github.com/ottokruse-sd this would be great indeed.
One thing that is a tad difficult when doing summaries is decide at which level to summarize....
- a simple approach is to provide a top level summary for the whole scan, which is straightforward and concise in most cases for licenses, but can be a tad long if you were to do the same on bare copyrights (and this would be better on to do on copyright holders only, ignoring years and such).
- a more involved approach would to provide smarter summaries at various level of the scanned code tree hierarchy.
- a natural summary point is when we detect a package such as an RPM, a tarball, JAR, NPM, etc (which is a new feature under development in the develop branch)
- or find or infer summary point in the tree based on actual scan results. For instance if all files in a directory share the same license and copyright holders, that directory becomes a good summary point.
So what would be your take on this?
—
Reply to this email directly or view it on GitHubhttps://github.com//issues/68#issuecomment-137578185.
from scancode-toolkit.
good, that is the easier one for a start...
from scancode-toolkit.
@jdaguil I think you made some progress on this, correct?
from scancode-toolkit.
@pombredanne yes, I didn't see this ticket progress has been referenced in #114
from scancode-toolkit.
@ottokruse-sd @pombredanne this has been implemented in #114 and is available in the latest release
from scancode-toolkit.
Related Issues (20)
- Missing license: Redpanda Community License Agreement HOT 4
- Determine correct PURL for top-level package in Swift parser
- TypeError while scanning file (PDF) HOT 3
- Multiline copyright missing from license file HOT 2
- Dual-licenses identified as multi-licenses (>2); wrong recognition of copyright/holder HOT 4
- For packages with worspaces (and similar monorepos) use full VCS URL
- Add extra documentation to each package class
- How to use scancode toolkit output files? HOT 7
- Post Scan option --package-summary
- The Gradle project generates SBOM without component licenses HOT 1
- LGPL3 recognised as GPL3
- Parse comments in go.mod files for "// indirect"
- Add extra data from fedora RPMs
- Reported rule URLs refer to `develop` branch instead of corresponding tagged release HOT 1
- Beginner: What am I supposed to do with this category of false positives? HOT 5
- Scanning files of type mjs.map might produce huge result files with useless matched_text information HOT 1
- Determine whether a package is present in a codebase
- ignorable_copyrights are not ignored? HOT 2
- Ensure that we detect "third-party" files as "legal" files
- 500 when using PurlDB collect endpoint on GitHub PURL
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from scancode-toolkit.