Clarify behaviour of Whitelist-Ignore buttons

[jerrinot]

I've got this result:

It's not clear to me what's the difference between Ignore and Whitelist. I am assuming Ignore means "Don't report this very depepdency anymore" while "Whitelist" will add the whole license to a whitelist. But this is just my guess, I would like the app to be more clear on that. Perhaps the button could have a floating hint or something.

And even if my assumption is correct then it's still not clear what will happen when a "Ignored" dependency will change its license in a future. Does "Ignore" means: "Don't ever report this depedency" or "Don't report this dependency as long as it stay at the current license" ?

[jankoritak]

First of all, thanks for the feedback, we appreciate it!

Ad.1.

Your assumption is correct.

• Whitelist - Add this packages's license into the list of allowed licenses. The result is such, that package with this license will be treated as compliant/allowed from now on.
• Override (found under License) - Override license or license text of this package@version.
• Ignore - Ignore this specific package@version, whatever license it has. The result is such, that only this package@version will be ignored. This does not affect any other licenses or packages.

We'll make sure to be more clear on the semantics.

Ad.2.

Ignore does not take potential future changes to the license into an account. It's rather a "force-style" operation in this regard. The same can be said about License Override.

We'll make sure to properly document this behaviour as well.