- marked as enhancement
Poor Instructions for Component Whitelist
My project edx/ecommerce (https://www.versioneye.com/user/projects/5818a6aa89f0a91daa7e6da0) has a few components with unknown licenses. I want to whitelist these components, so I have set up a whitelist at https://www.versioneye.com/organisations/edX/component_whitelists/ECOM. It is clearly not working.
How do I fix this? Why is whitelisting so complicated?
Comments (8)
- changed status to resolved
Hi @clintonb The component whitelist is always an extension for the license whitelist. A component whitelist works only in combination with a license whitelist. It's documented on the component whitelist page:
Maybe it's not dominant enough? I will make the text more dominant.
Just create a license whitelist and put some licenses on it which you want to whitelist in your organisation. For example:
- MIT
- Apache-2.0
- Apache-1.0
- BSD
In the project settings tab, assign the license whitelist to the project AND the component whitelist. Then it will work.
-
reporter @reiz that is quite confusing! If the two lists are related, it would seem natural to always show them together. In general, it would be nice to be able to simply disable license checks altogether without the workaround.
-
Hi @clintonb. I see your point. I will work on it so that the component whitelist works alone without the license whitelist. Somehow it makes sense.
I just noticed that your project can not be reparsed because it is linked to a requirements.txt file on GitHub, which doesn't exist anymore. It's linked to https://github.com/edx/ecommerce/blob/master/tests/requirements.txt.
-
Hi @clintonb. The component whitelist should now work as a standalone list. But I noticed that your expressions on the component whitelist are wrong. You are using for example:
*:bootstrapaccessibilityplugin:*
That's not a valid expression which VersionEye understands. The valid expression would be:
html:paypal/bootstrapaccessibilityplugin
And instead of:
*:backbone-validation:*
Use this:
javascript:thedersen/backbone-validation
It always follows this pattern:
LANGUAGE : PROD_KEY : VERSION
There PROD_KEY is the unique identifier in VersionEye. VERSION is optional.
-
reporter @reiz, what determines the language? Both bootstrapaccessibilityplugin and backbone-validation are installed by Bower.
-
@clintonb The language is the programming language. Pretty much all package managers can be assigned to one single programming language. Bower is an exception. In the case of Bower, we fetch the programming language information from the referenced GitHub repository.
-
reporter What's the reasoning for pulling language from GitHub? Why is the language necessary at all? That seems like an anti-feature. It would be nice if we could whitelist by package name alone, or by file (e.g. bower.json) and package name in the event of conflicting names across files. At the very least the source of the language should be documented so folks know where to look. It would be even better if I could simply click a button on a component page and add it to a whitelist.
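The LANGUAGE : PROD_KEY : VERSION pattern from the thread above, as an added example that is not part of the original thread and is not VersionEye's code: a small linter that flags whitelist entries which would not match anything, such as the wildcard ones quoted earlier. The function names, the ':' splitting, the rejection of '*' in any field and the "no VERSION covers every version" rule are assumptions made for illustration.

```python
from typing import NamedTuple, Optional

# Assumptions (not confirmed by VersionEye): fields are split on ':',
# surrounding spaces are ignored, and '*' is never valid in a field.


class Entry(NamedTuple):
    language: str
    prod_key: str
    version: Optional[str]


def parse_entry(raw: str) -> Entry:
    """Parse one whitelist line or raise ValueError naming the problem."""
    parts = [p.strip() for p in raw.split(":")]
    if len(parts) not in (2, 3):
        raise ValueError(f"expected LANGUAGE:PROD_KEY[:VERSION]: {raw!r}")
    if any(p == "" for p in parts):
        raise ValueError(f"empty field: {raw!r}")
    if any("*" in p for p in parts):
        raise ValueError(f"wildcards are not understood: {raw!r}")
    return Entry(parts[0], parts[1], parts[2] if len(parts) == 3 else None)


def lint(lines):
    """Return (valid entries, {bad line: reason}) for raw whitelist lines."""
    good, bad = [], {}
    for raw in lines:
        try:
            good.append(parse_entry(raw))
        except ValueError as exc:
            bad[raw] = str(exc)
    return good, bad


def is_whitelisted(entries, language, prod_key, version):
    """True if a component matches an entry; an entry without VERSION is
    assumed to cover every version of that component."""
    return any(
        e.language == language and e.prod_key == prod_key
        and e.version in (None, version)
        for e in entries
    )


# Constructed sample: the four expressions quoted in the thread.
SAMPLE = ["*:bootstrapaccessibilityplugin:*", "*:backbone-validation:*",
          "html:paypal/bootstrapaccessibilityplugin",
          "javascript:thedersen/backbone-validation"]
```

Running `lint(SAMPLE)` before saving a whitelist shows which entries would be silently ignored, which is the failure the reporter ran into.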