streams-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Steve Blackmon <sblack...@apache.org>
Subject Re: full license inventory of third-party dependencies
Date Tue, 03 Apr 2018 03:02:52 GMT
I just opened
https://github.com/apache/streams/pull/431
where-in these dependencies are excluded from all streams modules.

There was one test impacted by removal of org.jboss.logging (now @Ignored)

I’m sure the test could be changed to not need the dependency
But unless anyone objects I’d prefer to delete the
streams-runtime-dropwizard module entirely.
Dropwizard has a pretty gnarly dependency tree, and IMO it doesn’t do
anything that Apache Juneau (which is a core dependency of Streams) doesn’t
do better.

Steve

On Apr 2, 2018 at 6:47 PM, Steve Blackmon <sblackmon@apache.org> wrote:


Here is a link to the third-party audit report from Jenkins.

https://builds.apache.org/job/streams-project-site/site/aggregate-third-party-report.html

I’ve begun looking into excluding / eliminating the 5 cat-x transitive
dependencies.

On Mar 31, 2018 at 4:08 PM, Steve Blackmon <sblackmon@apache.org> wrote:


I've opened a pull request that adds license-maven-plugin including a
maven site report.

https://github.com/apache/streams/pull/429

Once this merges (+1 please?) a new page will appear on the website
with a full transitive dependency inventory - and it should say there
are just over 550 dependencies, none of which have unidentified
licenses.

Also used the CLI tool license:aggregate-add-third-party from the
plugin to produce some files which I then edited into the attached
draft NOTICE file.

This process identified 5 dependencies, none important, that are
category X. They should be straightforward to exclude / remove. I'd
appreciate the PMC's feedback on the attached file, whether the format
is acceptable, any other critical content that may be missing, and
whether any dependencies may be problematic in addition to the five
already identified.

Per my understanding, with this accounting done, we need to provide
gather the license links and text into the NOTICE file, and once that
done we're permitted to perform a release that includes a binary based
on the new 'streams-dist' module.

Steve Blackmon
sblackmon@apache.org

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message