Closed Piiit closed 3 years ago
@mrabans FYI
Please also accept the invitation for this project
@mrabans needs to work on some changes we requested inside the original issue, hence blocked for now
@Piiit please see my latest push today into the snapmatcher branch and the merge request for master https://git.ostc-eu.org/oss-compliance/toolchain/aliens4friends/-/merge_requests/27
@mrabans I added a new todo in the main comment section
use snapshot.debian.org API to search and fetch debian source packages
Outsourced to Martin R.
Some debian package versions may be removed from debian repositories over time (eg. alsa-lib_1.2.3, found by the debian matcher for OHOS debian release on Apr 12, 2021, as of May 3, 2021 cannot be found any more in debian repos). This may lead to inconsistent and non-reproducible results by the debian matcher. We should use snapshot.debian.org API instead (https://salsa.debian.org/snapshot-team/snapshot/raw/master/API), which would enable us to find more possibly matching versions in debian (and possibly closer matches), and would lead to stable and reproducible results over time
https://git.ostc-eu.org/oss-compliance/toolchain/aliens4friends/-/issues/9
UPDATE 2021-06-16 We agreed that the findings must not be reproducible, but only find the best match with what the snapshot API gives at some time point. The reproducibility would be a major effort since the API itself does not support filtering against a time interval, hence we would need to crawl the data, and generate our own API and database. This effort is too high compared to the gain... I change the title of this user story therefore...