doraskayo commented on code in PR #2095:
URL: https://github.com/apache/buildstream/pull/2095#discussion_r2665987016
##########
src/buildstream/source.py:
##########
@@ -572,14 +580,54 @@ def __init__(
The url of the source input
"""
+ self.concluded_license: Optional[str] = concluded_license
+ """
+ The license of the source project as declared by the authors
+ """
+
+ self.copyright_text: Optional[str] = copyright_text
+ """
+ Copyright notice of the source
+ """
+
+ self.declared_license: Optional[str] = declared_license
+ """
+ Licences that have been officially declared for the source
+ """
+
+ self.description: Optional[str] = description
+ """
+ Description of the source
+ """
+
+ self.external_reference: Optional[str] = external_reference
+ """
+ Reference to an external source of information or assets relevant to
the source
+ """
+
self.homepage: Optional[str] = homepage
"""
- The project homepage URL
+ The source's homepage URL
"""
self.issue_tracker: Optional[str] = issue_tracker
"""
- The project issue tracking URL
+ The source's issue tracking URL
+ """
+
+ self.name: Optional[str] = name
+ """
+ Name of the source
+ """
Review Comment:
This might be a more general comment, but the `name` field appears to be one
of the only mandatory package fields [in SPDX
2.3](https://spdx.github.io/spdx-spec/v2.3/package-information/#71-package-name-field).
As such, at the very least, I would expect it to be:
1. Provided by all core source plugins that can reproduce it reliably (maybe
`cargo` and `pip`?), instead of letting consumers guess it based on the `url`
field.
2. Make it optionally user-configurable in all core plugins that cannot
reliably reproduce it on their own in every case, such as `tar` and other
plugins that inherit from `DownloadableFileSource`. This would be similar to
the `version` and `version-guess-pattern` configurations.
Doing this would also allow the
##########
src/buildstream/source.py:
##########
@@ -572,14 +580,54 @@ def __init__(
The url of the source input
"""
+ self.concluded_license: Optional[str] = concluded_license
+ """
+ The license of the source project as declared by the authors
+ """
+
+ self.copyright_text: Optional[str] = copyright_text
+ """
+ Copyright notice of the source
+ """
+
+ self.declared_license: Optional[str] = declared_license
+ """
+ Licences that have been officially declared for the source
+ """
+
+ self.description: Optional[str] = description
+ """
+ Description of the source
+ """
+
+ self.external_reference: Optional[str] = external_reference
+ """
+ Reference to an external source of information or assets relevant to
the source
+ """
+
self.homepage: Optional[str] = homepage
"""
- The project homepage URL
+ The source's homepage URL
"""
self.issue_tracker: Optional[str] = issue_tracker
"""
- The project issue tracking URL
+ The source's issue tracking URL
+ """
+
+ self.name: Optional[str] = name
+ """
+ Name of the source
+ """
Review Comment:
This might be a more general comment, but the `name` field appears to be one
of the only mandatory package fields [in SPDX
2.3](https://spdx.github.io/spdx-spec/v2.3/package-information/#71-package-name-field).
As such, at the very least, I would expect it to be:
1. Provided by all core source plugins that can reproduce it reliably (maybe
`cargo` and `pip`?), instead of letting consumers guess it based on the `url`
field.
2. Make it optionally user-configurable in all core plugins that cannot
reliably reproduce it on their own in every case, such as `tar` and other
plugins that inherit from `DownloadableFileSource`. This would be similar to
the `version` and `version-guess-pattern` configurations.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
