sbp commented on issue #273: URL: https://github.com/apache/tooling-trusted-releases/issues/273#issuecomment-3873500605
Issue #636, improving check result caching, is blocked by the present issue.

To clarify, many checks already use deterministic inputs in the existing code, but we haven't documented in an easily available list what those inputs are. That is what the present issue asks us to document. When we opened this issue, it only really applied to user documentation, so that users are aware what effect their policy changes will have on checks, but now it has an extra benefit: when we have the list it aids us in, and indeed is entirely necessary for, our implementation of better check caching as asked for by #636.

From a quick skim, `hashing.check`, `targz.integrity`, and `zipformat.integrity` don't depend on any policy settings. `targz.structure` and `zipformat.structure` depend on binary and source classification (which we're planning on making a partially implicit setting, see https://github.com/apache/tooling-trusted-releases/issues/629#issuecomment-3862324988). `license.files`, `license.headers`, and `rat.check` depend on the license check mode, binary and source classification, and (respectively) podling status, lightweight source exclusions, and RAT source exclusions. `paths.check`, `sbom.score_tool`, and `signature.check` are more complicated.

The above is reviewing which checks depend on which inputs. The research already performed by @dave2wave above, https://github.com/apache/tooling-trusted-releases/issues/273#issuecomment-3693244334, was similar but records the other direction, i.e. which inputs flow into the checks. We should document both directions for user convenience, in the checks page and a new release options page respectively.

-- 
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
