Return-Path: Delivered-To: apmail-struts-user-archive@www.apache.org Received: (qmail 86278 invoked from network); 3 Mar 2009 18:55:12 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 3 Mar 2009 18:55:12 -0000 Received: (qmail 73123 invoked by uid 500); 3 Mar 2009 18:55:02 -0000 Delivered-To: apmail-struts-user-archive@struts.apache.org Received: (qmail 73092 invoked by uid 500); 3 Mar 2009 18:55:02 -0000 Mailing-List: contact user-help@struts.apache.org; run by ezmlm Precedence: bulk List-Unsubscribe: List-Help: List-Post: List-Id: "Struts Users Mailing List" Reply-To: "Struts Users Mailing List" Delivered-To: mailing list user@struts.apache.org Received: (qmail 73081 invoked by uid 99); 3 Mar 2009 18:55:02 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 03 Mar 2009 10:55:02 -0800 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of musachy@gmail.com designates 209.85.162.177 as permitted sender) Received: from [209.85.162.177] (HELO el-out-1112.google.com) (209.85.162.177) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 03 Mar 2009 18:54:55 +0000 Received: by el-out-1112.google.com with SMTP id v27so2016301ele.17 for ; Tue, 03 Mar 2009 10:54:35 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:content-type :content-transfer-encoding; bh=wu8B2r21F5Bl2mpAO60FdhpQgSLQ1BtIzY7u+k820Ws=; b=DJ5ki09IFCZnvhYcfP58uTdzeirCqZVPZ+G7UHC8ZRG+OWMReGvd25dgL5Hc/L51Kd CQykwJ3EocqfOQPvVyuEmj+92OyLyoUp7iQ/iI+2ffg7Ce6rWTN75T7wKjvBDs9X46XK UvqQFWAETTsm708Tc00J9CN3b9B6nFkvjp+qo= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; b=A1PpW2xG1a7sKNMCmiwPCxKtMRPhPdvls9Px1Br4p8UljMiLlDdRYao3a0C/yiUvb+ dzwXMmAKzJnevkBvEB/QWWXycWbfJ7EzUXJlEa0N6vQj4NP5s479z4sIex/yIO7KKOSz uJlHL4m6fULVftyUj5lPwcaRZgPjFvOhtqCCk= MIME-Version: 1.0 Received: by 10.150.91.4 with SMTP id o4mr12954103ybb.242.1236106474883; Tue, 03 Mar 2009 10:54:34 -0800 (PST) In-Reply-To: References: Date: Tue, 3 Mar 2009 13:54:34 -0500 Message-ID: Subject: Re: [OT] POM, licenses and dependency trees From: Musachy Barroso To: Struts Users Mailing List Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable X-Virus-Checked: Checked by ClamAV on apache.org All the dependencies that we have, must have a license that is compatible with ASL 2. I don't know of any way to compile a list of licenses used, that would be cool for a maven plugin. musachy On Tue, Mar 3, 2009 at 9:32 AM, wrote: > How does a company go about fleshing out the aspects of FOSS without wast= ing > so many people's time? =A0As FOSS gains in popularity, we are sinking in = a > quagmire of manual research, analysis and legal license inspections. =A0I= t > seems the FOSSology product will unpack compressed files and sniff around > for licenses while on the other side of the planet we have Maven > repositories that understand version dependencies -- but there is a void = in > bring them together! > > In an attempt to follow a concrete day-in-the-job, let us consider > struts2.1.6 and let's further suppose that we plan to take advantage of a= ll > the downstream dependencies it offers (i.e. optionals). > > > =A0 1. Is there a version specific dependency tree mechanically available= ? > =A0 =A0 =A0- Will subsequent versions eventually appear in the same > =A0 =A0 =A0location.format? > =A0 2. What technique to use in determining the stack of licenses gleaned > =A0 from this tree? > > I see developers struggling to bring together the jars necessary to do a > build, which is time consuming and expensive. =A0I see a legal team in th= e > other building struggling to ascertain our risk, should this "stack" be > implemented. > > P.S. Does anyone here have first hand experience with FOSSology? > > Peace, > Scott > --=20 "Hey you! Would you help me to carry the stone?" Pink Floyd --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscribe@struts.apache.org For additional commands, e-mail: user-help@struts.apache.org