Hi Daniel, Thanks for the details. I found the setting that allows the project to exclude "master" from the flagged word list where we want it to be.
The DB JDO project use this to describe the relationship between github and gitbox: The ASF operates a dual master system for repositories that use Git as their primary version Do you know if this phrasing is now best practice in Apache? Thanks, Craig > On Jul 10, 2021, at 12:05 AM, Daniel Gruno <humbed...@apache.org> wrote: > > On 10/07/2021 04.44, Craig Russell wrote: >> Before this gets out of hand, I have to object to flagging "master" as a git >> branch name without any other context like "slave". > > There are different opinions on how rigorously to track the word 'master' in > the various communities, I think it best to leave it up to projects how they > wish to handle this. > > The scanner comes with a default behavior that is the same for each > repository and slightly overzealous, but can be tailored for each repo at any > time. What we're seeing right now is that default behavior. I have found > personally that it's best to start with a wide net and then narrow it down > manually by adjusting the parameters. > > If a project decides they either don't want to track that word in a > branch/url context, or don't want to track it altogether, they are free to > make those adjustments. They can also omit certain files (or file types) from > the scans. > > For instance, if a project wishes to exclude the word 'master' if it appears > inside a URL, they could add something like \bhttps?://.*master.*\b to the > exclude context list. Or you can remove the word from the context list > entirely if you are certain you don't have any issues with the word. > > With regards, > Daniel. > >> Craig >>> On Jul 9, 2021, at 5:05 AM, Daniel Gruno <humbed...@apache.org> wrote: >>> >>> On 08/07/2021 18.25, Rich Bowen wrote: >>>> On 7/7/21 6:45 AM, Daniel Gruno wrote: >>>>> On 07/06/2021 19.48, Rich Bowen wrote: >>>>>> >>>>>> >>>>>> On 6/6/21 8:04 AM, Daniel Gruno wrote: >>>>>>> (switching to the new list) >>>>>>> >>>>>>> The VM is up and running at https://clc.diversity.apache.org/ and has >>>>>>> ASF Oauth implemented, so any committer can make use of this service. >>>>>>> >>>>>>> I have added a few projects to try things out, seems to work. >>>>>>> >>>>>>> I suppose we should communicate this to all projects, so they may make >>>>>>> use of it? >>>> I drafted something here: https://hackmd.io/Scig_0a0R4K0_sADiQCJdA >>> >>> Looks great, +1 to sending it out to projects :) >>> >>> Related, all ASF repositories have been cloned to our VM and scanned once. >>> Projects can log in via ASF OAuth and make adjustments to scan criteria as >>> needed. The scanner runs once every 24 hours. >> Craig L Russell >> c...@apache.org > Craig L Russell c...@apache.org
