Hi @rtgdk how do I run tests for the api code in the python3 branch?
python src/manage.py test app.tests works for me for app tests, but none of the api tests seem to execute for me with test api.tests, here are the logs.
@nishantc7 are you using this branch? https://github.com/spdx/spdx-online-tools/tree/python3
1 reply
I had one doubt though. Correct me if I'm wrong. The SPDX Document that is mentioned in the problem statement points to the in-memory representation of the document struct of the data model.
@Tarunmoses, yes, you're right.
Mentors @goneall @zvr , I've shared my draft proposal for your consideration for Generate a JSON Representation of the Specification from Structured Markdown
Please do have a look.
Please do have a look.
@m1kit There are 3 license matcher implementations in the SPDX repos. There is a Python matcher based on Regular Expressions implemented with a goal of supporting the full matching guidelines: https://github.com/spdx/spdx_python_licensematching A Java implementation within the SPDX Java Tools: https://github.com/spdx/Spdx-Java-Library/blob/master/src/main/java/org/spdx/utility/compare/LicenseCompareHelper.java and the spdx-license-matcher mentioned in your post.
9 replies
Any ideas or any relevant sources from which i can work on this??
@thealphacod3r You can look at the Java design for how it achieved the same goal by creating system interface for storing the SPDX model in different formats - the documentation is here: https://github.com/spdx/Spdx-Java-Library#storage-interface
Another approach would be to implement readers and writers that would deserialize and serialize the files based on the format. Each reader would be implemented in a separate Github project and would be a dependency that can be wired in when needed - similar to the storage implementation approach used by the Java code.
@GSOC_ASPIRANTS I just went through the drafts submitted so far. Be sure to turn in your final submissions before the deadline.
@nyxiative Sorry I missed your post until now (for some reason gitter notifications stopped working for me) - This error seems to be a problem in JPype (one of our dependencies) and can be solved by restarting the server. I restarted the server. If you run into the error again, please post an issue at https://github.com/spdx/spdx-online-tools/issues
@m1kit since we're at the last day, with hours to go before the deadline, I'd say we should stop discussing whether the idea is good and proceed with the submission! An improved license matcher is always welcome, so feel free to submit a proposal on the topic. But you have to write it in such a way that you provide detailed information to help us understand what you will be doing and how this will be different (better) than what is already there...
1 reply
Don't worry if your draft wasn't reviewed by all the mentors, pdf should be uploaded and we can discuss the proposal later.
@goneall Token-based algorithms are fine to compare license text that looks similar but what if the two sentences look different syntactically but have the same meaning? Isn't the license matcher supposed to take into consideration the meaning of the sentences? There can be various ways to write a sentence that would have the same meaning.
2 replies
Isn't the license matcher supposed to take into consideration the meaning of the sentences? There can be various ways to write a sentence that would have the same meaning.
There is a specific set of rules the SPDX legal team came up with to define what legal terms are considered the same "meaning" documented in the License Matching Guidelines. Some of these guidelines are easier to implement in code than others.
1 reply
@aucampia Take a look at the reuse-tool which provides some support for the license headers. If you haven't already, take a look at Appendix IX for some recommendations on documenting license information in source files.
actually it is awesome, I was worried I cant specify config but it does what I want it to do, very nice
I just received an acceptance email from Google. I'm very excited and I'm looking forward to working with this organization in the coming months. Thank you for considering my proposal despite the very late submission.
It's 3 am Japan time now, so let's discuss the details of the plan after tomorrow. Good night!😪
It's 3 am Japan time now, so let's discuss the details of the plan after tomorrow. Good night!😪
Congratulations to all who were selected, but also to all who submitted proposals! The large majority was all of high quality -- it's too bad we can select only a single student for a task and that there are not enough mentors for us to be able to run more tasks.
Looking forward to an exciting GSoC season!
Looking forward to an exciting GSoC season!
I'm excited to help out!
If any of you have heard of MSFT's FOSS compliance effort ClearlyDefined, their team lead gave me the go ahead to ask if any of you have suggestions on a recent issue they've encountered clearlydefined/spdx#21
I like this project a lot, it's given me a few ideas within my org. It might help to understand better if you saw what is going on in their UI (above)
@anthonyronda We use ClearlyDefined in OSS Review Toolkit (ORT), to get package license metadata corrections for packages found by ORT. Unfortunately ClearlyDefined has a lot of NOASSERTIONs which make it difficult to use in ORT as it computes based on valid SPDX expressions
@tsteenbe I can totally see how that's frustrating. I've encountered discussions/complaints relating to NONE and NOASSERTION in a couple places, and the pressure to conform to a given standard often seems to be placed on the tools rather than the components with undiscoverable or missing data. NOASSERTION is the only correct value in such cases until a curation can set it to NONE or create a valid SPDX expression based on an undiscoverable license
anyway, I can see why they made that choice
your experience with ORT should prove really useful cracking their parens conundrum!
@zvr, hello! On the the May 28th Tech Team meeting, I suggested contacting Tidelift for permission to use their logo on the website
I think you said you were in correspondance with Luis Villa?
Please let me know how things are going on that front; I'm more than happy to contact them if you have other commitments right now :)
There's the General Meeting running now
I think everyone would like to hear from you about the Vulnerabilities Profile :)
