Il 10/09/2024 12:38, Peter B ha scritto:
Thanks for your reply, based on your previous reply I suppose add of debian/lrc.excludes will be enoughHi Fabio,On 10/09/2024 09:37, Fabio Fantoni wrote:I found some files that I suppose could be added to the exclusions: spec and PKG-INFOif you want take a look to this result and these files: https://salsa.debian.org/python-team/packages/bleachbit/-/jobs/6253106Do you have any other package examples? I'm reluctant to add more global excludes for single packages (now we have package specific excludes) for fear of false negatives.
on another project I found also another possible exclusion: LICENSEcan produce false positives mainly in the case of GPL +/"or-later" and similarWhich project?LICENSE was recently removed from the global excludes following a complaint of false negative.https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078564
using debian/lrc.excludes I suppose will be not needed
exactly but instead a specific spdx variable I think can be better a one variable that make possible to add any parameters to lrc command, including those that would be added in the futureI also think it could be useful to have a parameter to add manual exclusions for some rare cases where it can report "false positives"Please use debian/lrc.excludes as per my previous email.as a last thing I suggest to add a variable on the salsa test to add any additional parameters to pass to the lrc commandI was wondering what the use case would be, then realised that with 1.18 there is no way to use --spdx with Salsa CI!
Rather than start making changes to Salsa,I think the best approach is to change debian/lrc.excludes to a general configuration file. File names do not usually start with a minus '-', so any needed options can just be added to this file. Probably change the name to lrc.config, but parse both for backwards compatibility.Thanks for reporting these issues, Regards, Peter B
OpenPGP_signature.asc
Description: OpenPGP digital signature
