On 10/07/2021 04.44, Craig Russell wrote:
Before this gets out of hand, I have to object to flagging "master" as a git branch name 
without any other context like "slave".

There are different opinions on how rigorously to track the word 'master' in the various communities; I think it best to leave it up to projects how they wish to handle this.

The scanner comes with a default behavior that is the same for each repository and slightly overzealous, but can be tailored for each repo at any time. What we're seeing right now is that default behavior. I have found personally that it's best to start with a wide net and then narrow it down manually by adjusting the parameters.

If a project decides they either don't want to track that word in a branch/url context, or don't want to track it altogether, they are free to make those adjustments. They can also omit certain files (or file types) from the scans.

For instance, if a project wishes to exclude the word 'master' if it appears inside a URL, they could add something like \bhttps?://.*master.*\b to the exclude context list. Or you can remove the word from the context list entirely if you are certain you don't have any issues with the word.

With regards,
Daniel.


Craig

On Jul 9, 2021, at 5:05 AM, Daniel Gruno <humbed...@apache.org> wrote:

On 08/07/2021 18.25, Rich Bowen wrote:
On 7/7/21 6:45 AM, Daniel Gruno wrote:
On 07/06/2021 19.48, Rich Bowen wrote:


On 6/6/21 8:04 AM, Daniel Gruno wrote:
(switching to the new list)

The VM is up and running at https://clc.diversity.apache.org/ and has ASF Oauth 
implemented, so any committer can make use of this service.

I have added a few projects to try things out, seems to work.

I suppose we should communicate this to all projects, so they may make use of 
it?
I drafted something here: https://hackmd.io/Scig_0a0R4K0_sADiQCJdA

Looks great, +1 to sending it out to projects :)

Related, all ASF repositories have been cloned to our VM and scanned once. 
Projects can log in via ASF OAuth and make adjustments to scan criteria as 
needed. The scanner runs once every 24 hours.

Craig L Russell
c...@apache.org


