Add new attributes for curations

[AyanSinhaMahapatra]

Adds two new attributes:

• deployed_resource
• is_curated

These are used to curate resources in deployed code.

Reference: nexB/scancode.io#834

[chinyeungli]

@AyanSinhaMahapatra and @pombredanne Can you elaborate a bit what is the different between the about_resource and deployed_resource and what is the value of it (in another word, why is it needed)?
From your example

about_resource: elasticsearch
deployed_resource: elasticsearch-2.3.4.jar
is_curated: yes

Is the above referencing a directory named elasticsearch, and the file elasticsearch-2.3.4.jar inside the elasticsearch directory is deployed.
I think the ABOUT file should only reference the "metadata" (i.e license/copyright/info etc.) of the file/component/package itself instead of it deployment status.
Imagine the development team use the same codebase for multiple products while one deploy the elasticsearch-2.3.4.jar and others don't? Would that create confusion (or extra work)?
I am not against this, but I would like to clarify the need of this attributes

[mjherzog]

Is the intent for deployed_resource to describe the name of the component when it is deployed as opposed to denoting that it is Deployed in a particular context?

[chinyeungli]

Oh... so is it referring something like ?

about_resource: zlib
deployed_resource: libz.so

[AyanSinhaMahapatra]

Can you elaborate a bit what is the different between the about_resource and deployed_resource and what is the value of it (in another word, why is it needed)?

In the context of d2d, we are now also using ABOUT files to map to resources on the deployed side, as curations.

#539 (comment) is correct, here ABOUT files which are there in the development codebase side-by-side with the files is different from curation ABOUT files, which are there also in the developement codebase in a location where the code is being built from, but maps to the deployed side. Some examples are patched jars, specific resources built from other sources and other packages. To be able to distinguish between these two types of ABOUT files we need the is_curation attribute. See also nexB/scancode.io#834

Now we are using patterns to map to deployed resource paths, and this is also different from the about_resource field in the ABOUT spec as this is resources in the deployed side, and not present side-by-side in the devel codebase. We are currently using about_resource temporarily to have these patterns, until this spec change is accepted. But this is incorrect both because of the above reason, and that the about_resource spec does not support patterns for now.

The example doc here can be improved to explain more on this all right, let me add that too.
See also:

• Support patterns in ABOUT resource paths scancode.io#982
• Support ignored_resources attribute in ABOUT files scancode.io#810

Is the intent for deployed_resource to describe the name of the component when it is deployed

Yes. And also the location where it is deployed through patterns (for now atleast, we can use checksums too later), so we map it correctly.

[pombredanne]

We need to discuss this more.

[pombredanne]

@AyanSinhaMahapatra and I had a session and came up with this update approach
nexB/scancode.io#834 (comment)

This would mean adding a new optional attribute called codebase that would state which codebase the ABOUT file applies to, with values of development, deployment