-
Notifications
You must be signed in to change notification settings - Fork 42
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[suggestion] SHA1 for about_resource field #315
Comments
@maxbrito Thanks for your input. One of a possible solutions is to use Your suggestion is good as the above solution may not work very well if users move the component around the codebase after the ABOUT file is generated (i.e. whenever a user move a component, the ABOUT file needs to be updated). However, your suggestion lose the simplicity for user to easily identify where is the component located since no path value present. Anyway, thanks for your suggestion. Your concern is noted and your suggestion will be taking into consideration. |
The current code get rid of the I will keep this ticket open for reference to see if we want to change the current behavior. |
Closing this and re-enter #566 . The issue is about multiple references. |
Hello,
I've been having difficulty in applying the
about_resource
field for customer code. The major hurdle is that the same binaries are duplicated across the project (e.g. folder for .war release, folder for binary release, folder used in development release).This situation forces to triplicate the same ABOUT file and isn't practical. And gets worse when we try to include the path to the
license_file
field because then relative paths are not the same.One possible way forward would be through an optional field for SHA1 signatures. When specified an hash, the matching files within the software project folders would be marked as belonging to this ABOUT file.
For example:
This way we can have an
./inventory/items/
folder on the project root where the collection of ABOUT files can be neatly placed and delivered to end-users. This way no matter how often duplicated or moved, these files end up getting the expected match.On the spec already exists
checksum_sha1
, perhaps it can be re-purposed for this goal rather than just downloaded files?Many thanks for taking this into consideration.
The text was updated successfully, but these errors were encountered: