Ulf Lorenz
Just to give this issue some more publicity, I would also like to support this feature request. We have a code base from which we build multiple different products (complex...
There seems to be a workaround for the second part in Issue #918. Of course, I did not search for _closed_ issues...
Update: We just had a build problem because of this issue again. Our situation is a multi-language build (C# + C++) that is administrated by CMake, and the normal developers,...
Just in case this is relevant for prioritization: We encountered a similar, though slightly different problem. In our case, one of the tests triggered an error return code in the...
Update: Fixed some potentially confusing wording. I would like to add a few thoughts to the comment by @matt-phylum. For certain communities like Debian, there is a designated security team...
@BillyONeal: I second the point that I am not quite sure about the specific purpose of PURLs. In particular, the goal of specifying the exact recipe under which a package...
@BillyONeal The way a PURL sneaks into the security acts is a bit roundabout:
* Act / Presidential order establishes that an SBOM must be created
* Standardization committee creates...
@stefan6419846: That would, however, mean that Pillow itself needs to be distributed under a dual license (GPL + current one). The Freetype library copyleft covers the using code (in...
Just to make my point clear: I think this whole issue is such a minor point it might not even register in a risk assessment, and it does not block...
I would second this issue. We have just run into a similar problem that could be conveniently solved by not adding analyzers.