git.net

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Dependencies licenses Report


Do you mean the license headers? Those, I think, we shouldn't change until
the code is imported into Apache.

If it's possible to use Rat to audit dependency licenses without looking at
the license headers of our own files, that would still be useful at this
point.

On Tue, Apr 24, 2018 at 12:57 PM, Slim Bouguerra <bslim@xxxxxxxxxx> wrote:

>
> I Think the first step to use RAT is to reformat all the Druid code
> licenses.
> Any idea if this can be done now or we need some legal work to be done?
>
> On 2018/04/20 17:52:46, Slim Bouguerra <slim.bouguerra@xxxxxxxxx> wrote:
> > As Suggested above, RAT is used as a first filter that does most of the
> > checking but it is not 100% enough.
> > The mvn site plugin is used to collect list of dependencies but it is not
> > enough as well.
> > They manually edit/create the Licenses/Notice files. It is done by
> > hand/a_human to avoid any glitch that an automatic tool will introduce
> and
> > to insure that someone has looked at it.
> > Seems like it is time consuming the first time but then it should be
> > incremental thus not that hard.
> >
> >
> >
> > On Wed, Apr 18, 2018 at 8:45 AM, Julian Hyde <jhyde.apache@xxxxxxxxx>
> wrote:
> >
> > > The main tool to use is Apache RAT. Definitely use that.
> > >
> > > One of the hardest tasks is getting the contents of LICENSE and NOTICE
> > > right. That is a manual task I’m afraid.
> > >
> > > Julian
> > >
> > > > On Apr 18, 2018, at 08:34, Gian Merlino <gianmerlino@xxxxxxxxx>
> wrote:
> > > >
> > > > Hi Slim,
> > > >
> > > > Do you know if ORC & Hive use this tool as part of their release
> process?
> > > > And if it's considered a good tool by itself for verifying we meet
> all of
> > > > the Apache licensing requirements, or if we'll need something else
> too?
> > > >
> > > >> On Tue, Apr 17, 2018 at 9:15 PM, Slim Bouguerra <bslim@xxxxxxxxxx>
> > > wrote:
> > > >>
> > > >> One of the question last dev synch was about the generation of
> > > dependency
> > > >> licenses.
> > > >> Some projects (ORC and Hive) use the maven site plugin that can
> > > generates
> > > >> reports with all the dependencies and licenses details.
> > > >> I have run it on Druid and this is how it looks for Druid Api
> Module.
> > > >> cmd
> > > >>
> > > >> mvn project-info-reports:dependencies
> > > >>
> > > >> The site directory can be found under target/site
> > > >> here is an example for one module
> > > >> https://drive.google.com/file/d/1P8R0kZjp8zP4WSOVrKdlJF7Xr8-
> > > >> OI7Oe/view?usp=sharing
> > > >>
> > > >> Also no fancy tools used to detect unwanted licenses, it is done
> while
> > > >> reviewing PR
> > > >>
> > > >>
> > > >>
> > > >> ------------------------------------------------------------
> ---------
> > > >> To unsubscribe, e-mail: dev-unsubscribe@xxxxxxxxxxxxxxxx
> > > >> For additional commands, e-mail: dev-help@xxxxxxxxxxxxxxxx
> > > >>
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: dev-unsubscribe@xxxxxxxxxxxxxxxx
> > > For additional commands, e-mail: dev-help@xxxxxxxxxxxxxxxx
> > >
> > >
> >
> >
> > --
> >
> > B-Slim
> > _______/\/\/\_______/\/\/\_______/\/\/\_______/\/\/\_______/\/\/\_______
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: dev-help@xxxxxxxxxxxxxxxx
>
>