struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Musachy Barroso <>
Subject Re: [OT] POM, licenses and dependency trees
Date Tue, 03 Mar 2009 18:54:34 GMT
All the dependencies that we have, must have a license that is
compatible with ASL 2. I don't know of any way to compile a list of
licenses used, that would be cool for a maven plugin.


On Tue, Mar 3, 2009 at 9:32 AM,  <> wrote:
> How does a company go about fleshing out the aspects of FOSS without wasting
> so many people's time?  As FOSS gains in popularity, we are sinking in a
> quagmire of manual research, analysis and legal license inspections.  It
> seems the FOSSology product will unpack compressed files and sniff around
> for licenses while on the other side of the planet we have Maven
> repositories that understand version dependencies -- but there is a void in
> bring them together!
> In an attempt to follow a concrete day-in-the-job, let us consider
> struts2.1.6 and let's further suppose that we plan to take advantage of all
> the downstream dependencies it offers (i.e. optionals).
>   1. Is there a version specific dependency tree mechanically available?
>      - Will subsequent versions eventually appear in the same
>      location.format?
>   2. What technique to use in determining the stack of licenses gleaned
>   from this tree?
> I see developers struggling to bring together the jars necessary to do a
> build, which is time consuming and expensive.  I see a legal team in the
> other building struggling to ascertain our risk, should this "stack" be
> implemented.
> P.S. Does anyone here have first hand experience with FOSSology?
> Peace,
> Scott

"Hey you! Would you help me to carry the stone?" Pink Floyd

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message