Skip to content

Kotlin Developer Meeting

Jump to bottom
Sebastian Schuberth edited this page Sep 2, 2025 · 234 revisions

This page hosts the agenda of Kotlin / deeply technical topics to be discussed by the core developers in a smaller round than the Community Meeting. If you want to contribute and have concrete technical questions, please ping us on Slack to get invited to the meeting.

Meeting Minutes

Future

2025-09-02

2025-07-22

2025-07-15

2025-06-24

2025-06-17

2025-06-03

2025-05-20

  • How to implement AI-powered Copyright filtering? (in OCCTET context)
    • Generate a copyright-garbage.yml file? Still needs scan-result.yml as the input.
      • This is the way to go for now.
    • Rewrite scan-result.yml with Copyrights filtered out?
    • Create a plugin interface for Copyright garbage filters?
  • Agreement to aim for a strict split between data classes that resemble serialization models and mappings to ORT data models
    • A good example are the Node PM's ModuleInfo.kt files
      • Only one top-level data class with no member functions
      • No other top-level functions than those needed for deserialization
      • No ORT-specific code or imports
    • Probably add this to the contribution or development guide
    • Additional detekt / Konsist checks maybe

2025-05-06

2025-04-29

2025-04-15

  • Discuss Exclude binary license files to prevent reporter hang.
    • Comments added to PR.
  • Consider removing on-disk-caches in favor of only in-memory-caches (Yarn, Maven).
    • Try with in-memory cache only for Yarn to reduce usage of old DiskLru cache; eventually re-implement on-disk caching with other means if there are performance issues.
  • Rename helper-cli to cli-helper to group with cli.
    • Yes.

2025-03-25

2025-03-18

2025-03-04

  • Agree on way forwards for package configuration version ranges https://github.com/oss-review-toolkit/ort/issues/9918
  • Add new SPDX reporter which uses the SPDX java library.
    • at first: Produce similar output to the existing reporter
    • then: Produce also SPDX v2.3
    • Remove existing reporter later on if the new one is considered a replacement.

2025-02-25

  • Do we want to merge the ORT Result Schema Reporter?
    • Basically yes, but maybe migrate to a top-level option similar to clikt's built-in --generate-completion.

2025-02-11

  • Plugin questions (@mnonnenmacher)
    • Should plugin constructors be internal to force use of the factory? -> yes
    • Should plugin descriptors move from the constructor to overrides inside the class? -> no
  • Issue label vs types vs. templates (@sschuberth)
    • Enhancement vs. new feature

2025-01-14

2025-01-07

2024-12-17

2024-12-03

2024-11-26

  • Used for backlog grooming ("Closed as part of backlog grooming. Feel free to comment if you would like to contribute to this.")
    • Finished!

2024-11-19

2024-11-12

2024-11-05

2024-10-15

2024-10-08

  • Setting SPDX's licenseDeclared e.g. for Go dependencies that have no metadata?
    • Yes, based on RootLicenseMatcher.
    • Additionally, the analyzer could query the GitHub API for "repository declared licenses" (which are actually licenses detected by Licensee).
  • Should we have a "too many scan failures" heuristic for scanners? Also see this discussion.
    • Rather throw special exception from scanner implementation that generic heuristic on "client" side.
  • Used for backlog grooming ("Closed as part of backlog grooming. Feel free to comment if you would like to contribute to this.")

2024-09-24

  • Build ORT with Java 21
    • Postpone by at least one week to not cause migration efforts for this week's release, which contains important Bazel changes.
  • Remove SPDX document file analyzer in favor of making the package list helper-cli an analyzer.
    • No, still required by Bosch. Better do another implementation based on the new SPDX Java library, similar to a new SPDX reporter.
    • Also will be required by BitBake support.
  • Cleanup of teams.
    • Proposal: Consolidate "Committers", "Contributes" and "core-devs" to just "devs".

2024-09-17

  • Discuss how to best represent projects which are part of a "workspace" in the analyzer result. As Project or as Package. See also node managers.

2024-09-10

  • New API to download JDKs.
    • Expose version (and name) property to select JDK.
  • Remove NexusIQ.
    • 90 day deprecation notice first, ask in community meeting.
  • Work to maintain CVSS vectors.
    • Split severity into score and vector.

2024-08-27

2024-08-20

2024-07-15

2024-07-08 (skipped)

  • Skipped due to general unavailability of participants.

2024-07-01

2024-06-24

2024-06-17

2024-06-10

2024-06-03

2024-05-27

2024-04-29

2024-04-08

2024-01-29

2024-01-08

  • Scanner API improvements
    • Teach scanPackage about the configured sourceCodeOrigins.
    • Make the global scanner configuration accessible from scanner implementations.
  • Remove the SpdxExpression.licenses() function as it makes it too easy to do "dangerous" things?
  • Replace the ort-config's curation project with a script-based solution?
  • Allow key / value pair as license categories with arbitrary values, see this.

2023-12-18

2023-11-27

2023-11-20

2023-10-30

  • Where to apply default values for advisor configuration?
  • Align create(options: Options) implementations.
  • Get rid of double config nesting in ORT results for advisor / scanner configuration?
    • We should try to avoid constructs like val frontendUrl = ortResult.scanner?.config?.config?.get("DOS")?.options?.get("frontendUrl"), maybe by introducing a helper extension function (as a smooth transition to an interface-based API).

2023-10-09

2023-09-18

  • Maintain orthw and helper-cli in a single repo?

2023-09-04

2023-08-30

2023-08-21

2023-07-24

2023-07-17

2023-07-10

2023-07-03

2023-06-26

2023-06-19

2023-06-12

2023-06-05

2023-05-22

2023-04-17

2023-03-20

2023-03-06

  • New GoMod issue to look at.
  • How to move forward with (configurable advisor plugins)[https://github.com/oss-review-toolkit/ort/pull/6613]?

2023-02-26

2023-02-20

2023-02-06

2023-01-16

  • Separating & Re-applying curations for specific providers (see this comment)
  • Automated releases

2023-01-09

2022-12-19

2022-11-28

2022-11-21

2022-11-14

2022-11-07

 ______________________________
/        \_______   \__    ___/ The OSS Review Toolkit, version 1.0.0.
|    |   | |       _/ |    |
|    |   | |    |   \ |    |    Running 'wiki' as 'ort' under Java on GitHub
\________/ |____|___/ |____|    with a lot of CPUs and a maximum amount of memory.

Community

Clone this wiki locally