sbp commented on issue #312: URL: https://github.com/apache/tooling-trusted-releases/issues/312#issuecomment-3533267598
The wider design issue here is why we maintain two entirely separate and yet mostly overlapping checks for licenses. In early development we added a few license checks in Python to fill in for RAT. When we later implemented RAT as a check, the license checks that we added were already quite useful, and we found that RAT is quite a heavy dependency, so we kept the lightweight checks. We wanted to evaluate whether we could do a significant portion of the RAT work in a much smaller amount of code. I think we can, but should we? I don't know. Another possibility is that we set up a separate RAT web service, which the ATR can then call. We can then put that on another box, but it does mean having to do network transfer of large files. We could share the files, but then we'd be thinking about whether we'd have a shared drive in one datacentre, whether we'd be doing network sharing, and so on. Ideally we'd keep the architecture very simple. I think ultimately projects are so heavily invested in RAT already that we'll probably need to make it work, and should ditch the lightweight Python checks. Another question is whether we should inflate archives when they're uploaded and then keep the cache for subsequent checks in later revisions. I think we probably should. ATR is going to need a lot of disk space! -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
