streams-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Steve Blackmon <sblack...@apache.org>
Subject full license inventory of third-party dependencies
Date Sat, 31 Mar 2018 21:08:49 GMT
I've opened a pull request that adds license-maven-plugin including a
maven site report.

https://github.com/apache/streams/pull/429

Once this merges (+1 please?) a new page will appear on the website
with a full transitive dependency inventory - and it should say there
are just over 550 dependencies, none of which have unidentified
licenses.

Also used the CLI tool license:aggregate-add-third-party from the
plugin to produce some files which I then edited into the attached
draft NOTICE file.

This process identified 5 dependencies, none important, that are
category X.  They should be straightforward to exclude / remove.  I'd
appreciate the PMC's feedback on the attached file, whether the format
is acceptable, any other critical content that may be missing, and
whether any dependencies may be problematic in addition to the five
already identified.

Per my understanding, with this accounting done, we need to provide
gather the license links and text into the NOTICE file, and once that
done we're permitted to perform a release that includes a binary based
on the new 'streams-dist' module.

Steve Blackmon
sblackmon@apache.org

Mime
View raw message