From dev-return-4602-archive-asf-public=cust-asf.ponee.io@streams.apache.org Tue Apr 3 05:02:57 2018 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by mx-eu-01.ponee.io (Postfix) with SMTP id B5693180627 for ; Tue, 3 Apr 2018 05:02:56 +0200 (CEST) Received: (qmail 90802 invoked by uid 500); 3 Apr 2018 03:02:55 -0000 Mailing-List: contact dev-help@streams.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@streams.apache.org Delivered-To: mailing list dev@streams.apache.org Received: (qmail 90791 invoked by uid 99); 3 Apr 2018 03:02:55 -0000 Received: from mail-relay.apache.org (HELO mailrelay2-lw-us.apache.org) (207.244.88.137) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 03 Apr 2018 03:02:55 +0000 Received: from mail-it0-f51.google.com (mail-it0-f51.google.com [209.85.214.51]) by mailrelay2-lw-us.apache.org (ASF Mail Server at mailrelay2-lw-us.apache.org) with ESMTPSA id 8588CFDD for ; Tue, 3 Apr 2018 03:02:54 +0000 (UTC) Received: by mail-it0-f51.google.com with SMTP id 142-v6so21291464itl.5 for ; Mon, 02 Apr 2018 20:02:54 -0700 (PDT) X-Gm-Message-State: AElRT7GUgHjL6HlPQb1UzkUuyOnkOeIGgcuhr01Jwd+mG3BTnRvbPL7Q WM9fD/7IkCpLWpnFoW7UUyaxsrdA1hTWOP6BuKpxtg== X-Google-Smtp-Source: AIpwx49h9IaQN0nGKyJ0HAYnRmitylrC/QJwsJhfqBL9FAloukmhngMMpcMUl8c0nuiz9f7Mivd1MuhAnh11kEwzAUQ= X-Received: by 2002:a24:a382:: with SMTP id p124-v6mr3477171ite.126.1522724573653; Mon, 02 Apr 2018 20:02:53 -0700 (PDT) Received: from 661309549932 named unknown by gmailapi.google.com with HTTPREST; Mon, 2 Apr 2018 23:02:52 -0400 From: Steve Blackmon In-Reply-To: References: MIME-Version: 1.0 Date: Mon, 2 Apr 2018 23:02:52 -0400 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: full license inventory of third-party dependencies To: dev@streams.apache.org Content-Type: multipart/alternative; boundary="0000000000004dc67b0568e8f19e" --0000000000004dc67b0568e8f19e Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable I just opened https://github.com/apache/streams/pull/431 where-in these dependencies are excluded from all streams modules. There was one test impacted by removal of org.jboss.logging (now @Ignored) I=E2=80=99m sure the test could be changed to not need the dependency But unless anyone objects I=E2=80=99d prefer to delete the streams-runtime-dropwizard module entirely. Dropwizard has a pretty gnarly dependency tree, and IMO it doesn=E2=80=99t = do anything that Apache Juneau (which is a core dependency of Streams) doesn= =E2=80=99t do better. Steve On Apr 2, 2018 at 6:47 PM, Steve Blackmon wrote: Here is a link to the third-party audit report from Jenkins. https://builds.apache.org/job/streams-project-site/site/aggregate-third-par= ty-report.html I=E2=80=99ve begun looking into excluding / eliminating the 5 cat-x transit= ive dependencies. On Mar 31, 2018 at 4:08 PM, Steve Blackmon wrote: I've opened a pull request that adds license-maven-plugin including a maven site report. https://github.com/apache/streams/pull/429 Once this merges (+1 please?) a new page will appear on the website with a full transitive dependency inventory - and it should say there are just over 550 dependencies, none of which have unidentified licenses. Also used the CLI tool license:aggregate-add-third-party from the plugin to produce some files which I then edited into the attached draft NOTICE file. This process identified 5 dependencies, none important, that are category X. They should be straightforward to exclude / remove. I'd appreciate the PMC's feedback on the attached file, whether the format is acceptable, any other critical content that may be missing, and whether any dependencies may be problematic in addition to the five already identified. Per my understanding, with this accounting done, we need to provide gather the license links and text into the NOTICE file, and once that done we're permitted to perform a release that includes a binary based on the new 'streams-dist' module. Steve Blackmon sblackmon@apache.org --0000000000004dc67b0568e8f19e--