struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject [OT] POM, licenses and dependency trees
Date Tue, 03 Mar 2009 14:32:52 GMT
How does a company go about fleshing out the aspects of FOSS without wasting
so many people's time?  As FOSS gains in popularity, we are sinking in a
quagmire of manual research, analysis and legal license inspections.  It
seems the FOSSology product will unpack compressed files and sniff around
for licenses while on the other side of the planet we have Maven
repositories that understand version dependencies -- but there is a void in
bring them together!

In an attempt to follow a concrete day-in-the-job, let us consider
struts2.1.6 and let's further suppose that we plan to take advantage of all
the downstream dependencies it offers (i.e. optionals).

   1. Is there a version specific dependency tree mechanically available?
      - Will subsequent versions eventually appear in the same
   2. What technique to use in determining the stack of licenses gleaned
   from this tree?

I see developers struggling to bring together the jars necessary to do a
build, which is time consuming and expensive.  I see a legal team in the
other building struggling to ascertain our risk, should this "stack" be

P.S. Does anyone here have first hand experience with FOSSology?


  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message