brooklyn-dev mailing list archives

From Richard Downer <rich...@apache.org>
Subject Maven dependencies license audit
Date Thu, 04 Sep 2014 10:16:30 GMT
All,

I have completed an analysis of our Maven dependencies and transitive
dependencies to make sure that we're clean from a licensing viewpoint
to release. This message states for the record the results of my
research and the implications for Apache Brooklyn.

After classifying all of our transitive dependencies according to
Category A, Category B and Category X[1], the only dependencies in
Category X are these:

JNA (net.java.dev.jna:jna and :platform)
- this is transitive via jclouds, and is used only when an SSH agent
is in use. Brooklyn does not support that configuration so the JNA
code probably won't get hit (I will of course test this assumption),
so we are most likely OK with adding a Maven <exclusion> to stop it
appearing in the binary distribution.

BeanShell (org.beanshell:bsh:2.0b4)
- appears extensively as a dependency of TestNG - POM declared itself
as being LGPL licensed - fortunately, the BeanShell web site[2]
declares it to be dual-licensed under the Sun Public License, which
means it's actually in Category B.

JBoss Logging 3 (org.jboss.logging:jboss-logging:3.1.0.CR2)
jzmq (backtype:jzmq:2.1.0)
- both of these are test dependencies, meaning that they are not part
of the binary distribution, and are optional when building from source

MySQL java connector (mysql:mysql-connector-java:5.1.18)
- used only by tests or examples, meaning that they are not part of
the binary distribution, and are optional when building from source


Richard.


[1] https://www.apache.org/legal/resolved.html
[2] http://www.beanshell.org/license.html
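
The reasoning in the message above (dual licensing resolves to the most permissive category, and Category X only matters for what ships in the binary) can be expressed as a scope-aware gate. This is an added example, not part of the original message or of Brooklyn's build; the line format, the scopes and the function names are assumptions, and the sample data is constructed from the coordinates and categories the message gives.

```python
# Added example: scope-aware license gate modelled on the audit in the message.
# Sample data is constructed; scopes are assumptions, not read from Brooklyn's POMs.
ORDER = {"A": 0, "B": 1, "X": 2}          # ASF categories, most to least permissive
SHIPPED_SCOPES = {"compile", "runtime"}   # scopes that end up in a binary distribution

# group:artifact:scope | category of every license the dependency is offered under
SAMPLE = """\
net.java.dev.jna:jna:compile | X
net.java.dev.jna:platform:compile | X
org.beanshell:bsh:test | X, B
org.jboss.logging:jboss-logging:test | X
backtype:jzmq:test | X
mysql:mysql-connector-java:test | X
"""

def parse(text):
    """Yield (coordinate, scope, [categories]) from the constructed line format."""
    for line in text.splitlines():
        if not line.strip():
            continue
        left, right = (part.strip() for part in line.split("|", 1))
        coordinate, scope = left.rsplit(":", 1)
        categories = [c.strip() for c in right.split(",")]
        unknown = [c for c in categories if c not in ORDER]
        if unknown:
            raise ValueError(f"{coordinate}: unknown category {unknown}")
        yield coordinate, scope, categories

def audit(text):
    """Return {coordinate: verdict} using the reasoning in the message."""
    verdicts = {}
    for coordinate, scope, categories in parse(text):
        # Dual licensing: the recipient may pick the most permissive offer.
        effective = min(categories, key=ORDER.__getitem__)
        if effective != "X":
            verdicts[coordinate] = f"ok (category {effective})"
        elif scope in SHIPPED_SCOPES:
            verdicts[coordinate] = "exclude from binary distribution"
        else:
            verdicts[coordinate] = f"not distributed ({scope} scope)"
    return verdicts

if __name__ == "__main__":
    for coordinate, verdict in audit(SAMPLE).items():
        print(f"{coordinate:40} {verdict}")
```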
