zipkin-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From GitBox <>
Subject [GitHub] [incubator-zipkin] adriancole commented on issue #2548: Sort out DEPENDENCIES file for zipkin-lens
Date Sun, 02 Jun 2019 07:44:57 GMT
adriancole commented on issue #2548: Sort out DEPENDENCIES file for zipkin-lens
   I think first goal would be using the plugin to act like RAT and break the
   build if a copy-left production dependency is added. So far, I think we are
   $ license-checker --production|grep licenses|sort|uniq
   │  ├─ licenses: Apache-2.0
   │  ├─ licenses: BSD
   │  ├─ licenses: BSD*
   │  ├─ licenses: BSD-2-Clause
   │  ├─ licenses: BSD-3-Clause
   │  ├─ licenses: ISC
   │  ├─ licenses: MIT
   │  ├─ licenses: MIT*
      ├─ licenses: Apache-2.0
   On DEPENDENCIES file is formally defined as even required anywhere.
   definitely there is a requirement around bundled (vendored) source (eg in
   An aside, but our NOTICE files seem to have redundant info as the above
   link says it isn't required to include lines about apache licensed
   So, at this point, I'm thinking DEPENDENCIES is a nice to have and not an
   ASF requirement, else they would have listed it mandatory and described the
   I just spent some some looking for it and failed.. definitely there is a
   requirement around bundled (vendored) source (eg in LICENSE), but I can't
   see anything that says DEPENDENCIES is even a requirement. Maybe it is a
   nice to have?
   here's some sample output from the maven plugin regardless.. maybe for now
   we just redirect the output from license-checker in its own format to
   target/classes/META-INF/DEPENDENCIES under phase "generate-resources"?
   NOTE: the normal maven thing doesn't check indirect dependencies, though
   npm-checker does..
   From: 'Google, Inc.' (
     - Google Guice - Core Library (
       License: The Apache Software License, Version 2.0  (
   From: 'The Apache Software Foundation' (
     - Apache Commons CLI (
       License: Apache License, Version 2.0  (
   From: 'The Eclipse Foundation' (
     - org.eclipse.sisu.inject (
       License: Eclipse Public License, Version 1.0  (
   On Sun, Jun 2, 2019 at 3:16 PM Zoltán Nagy <> wrote:
   > There's also JSON output, so if there are indeed requirements on the
   > format of DEPENDENCIES, it should be relatively easy to post-process into
   > that (or even send a PR to the tool so that others can benefit as well,
   > adding something like an --asf-dependencies flag ;) )
   > Ready to code whenever requirements are settled.
   > —
   > You are receiving this because you authored the thread.
   > Reply to this email directly, view it on GitHub
   > <>,
   > or mute the thread
   > <>
   > .

This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:

With regards,
Apache Git Services

View raw message