From e2422a3f53ee52ede5d4a613f93ebfdfb31602f8 Mon Sep 17 00:00:00 2001 From: Sebastian Schuberth Date: Tue, 28 May 2024 19:38:20 +0200 Subject: [PATCH 1/2] feat(package-configurations): Add a path exclude for `commons-compress` The main goal of excluding the `src/test` directory is to exclude the file at src/test/resources/org/apache/commons/compress/COMPRESS-649/some-900kb-text.txt (also see [1]) which contains random text in a single line, causing ScanCode 32.1.0 to time out. [1]: https://github.com/apache/commons-compress/blob/rel/commons-compress-1.26.2/src/test/resources/org/apache/commons/compress/COMPRESS-649/some-900kb-text.txt Signed-off-by: Sebastian Schuberth --- .../org.apache.commons/commons-compress/1.26.2/vcs.yml | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 package-configurations/Maven/org.apache.commons/commons-compress/1.26.2/vcs.yml diff --git a/package-configurations/Maven/org.apache.commons/commons-compress/1.26.2/vcs.yml b/package-configurations/Maven/org.apache.commons/commons-compress/1.26.2/vcs.yml new file mode 100644 index 00000000..c2144806 --- /dev/null +++ b/package-configurations/Maven/org.apache.commons/commons-compress/1.26.2/vcs.yml @@ -0,0 +1,9 @@ +--- +id: "Maven:org.apache.commons:commons-compress:1.26.2" +vcs: + type: "Git" + url: "https://gitbox.apache.org/repos/asf/commons-compress.git" + revision: "95727006cac0892c654951c4e7f1db142462f22a" +path_excludes: +- pattern: "src/test/**" + reason: "TEST_OF" From d56bbf9f32f7fe4f779a889a80c0077613024995 Mon Sep 17 00:00:00 2001 From: Sebastian Schuberth Date: Wed, 29 May 2024 17:58:10 +0200 Subject: [PATCH 2/2] feat(package-configurations): Improvements for `commons-compress` Incorporate reviewed changed from @tsteenbe, see [1]. [1]: https://github.com/oss-review-toolkit/ort-config/pull/192#pullrequestreview-2083628710 Signed-off-by: Thomas Steenbergen Signed-off-by: Sebastian Schuberth --- .../commons-compress/1.26.2/vcs.yml | 25 +++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/package-configurations/Maven/org.apache.commons/commons-compress/1.26.2/vcs.yml b/package-configurations/Maven/org.apache.commons/commons-compress/1.26.2/vcs.yml index c2144806..59a40155 100644 --- a/package-configurations/Maven/org.apache.commons/commons-compress/1.26.2/vcs.yml +++ b/package-configurations/Maven/org.apache.commons/commons-compress/1.26.2/vcs.yml @@ -5,5 +5,30 @@ vcs: url: "https://gitbox.apache.org/repos/asf/commons-compress.git" revision: "95727006cac0892c654951c4e7f1db142462f22a" path_excludes: +- pattern: ".github/**" + reason: "BUILD_TOOL_OF" +- pattern: "CODE_OF_CONDUCT.md" + reason: "DOCUMENTATION_OF" +- pattern: "CONTRIBUTING.md" + reason: "DOCUMENTATION_OF" +- pattern: "SECURITY.md" + reason: "DOCUMENTATION_OF" +- pattern: "src/changes/**" + reason: "DOCUMENTATION_OF" +- pattern: "src/main/java/org/apache/commons/compress/archivers/examples/**" + reason: "EXAMPLE_OF" +- pattern: "src/site/**" + reason: "DOCUMENTATION_OF" - pattern: "src/test/**" reason: "TEST_OF" +license_finding_curations: +- path: "src/main/java/org/apache/commons/compress/archivers/zip/*.java" + detected_license: "LicenseRef-scancode-proprietary-license" + reason: "REFERENCE" + comment: |- + This is a match on 'Refer to the section in this document entitled "Incorporating PKWARE Proprietary Technology into + Your Product" for more information', see + https://github.com/apache/commons-compress/blob/rel/commons-compress-1.26.2/src/main/java/org/apache/commons/compress/archivers/zip/X0017_StrongEncryptionHeader.java#L251-L252 + Running Git blame on the line shows that this is a reference to the ZIP file format specification, see + https://github.com/apache/commons-compress/commit/a433f625f89c1d464b05186411ff20802e292fb4. + concluded_license: "NONE"