git.net

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Dependencies licenses Report


> On Apr 24, 2018, at 1:18 PM, Gian Merlino <gian@xxxxxxxxxx> wrote:
> 
> Do you mean the license headers?

Yes, did quick run and was complaining first about our headers and also some of the other files without any headers. 

> Those, I think, we shouldn't change until
> the code is imported into Apache.

you are sure about this? thought the donation paper work is signed right?

> 
> If it's possible to use Rat to audit dependency licenses without looking at
> the license headers of our own files, that would still be useful at this
> point.

Not sure but will look.

> 
> On Tue, Apr 24, 2018 at 12:57 PM, Slim Bouguerra <bslim@xxxxxxxxxx> wrote:
> 
>> 
>> I Think the first step to use RAT is to reformat all the Druid code
>> licenses.
>> Any idea if this can be done now or we need some legal work to be done?
>> 
>> On 2018/04/20 17:52:46, Slim Bouguerra <slim.bouguerra@xxxxxxxxx> wrote:
>>> As Suggested above, RAT is used as a first filter that does most of the
>>> checking but it is not 100% enough.
>>> The mvn site plugin is used to collect list of dependencies but it is not
>>> enough as well.
>>> They manually edit/create the Licenses/Notice files. It is done by
>>> hand/a_human to avoid any glitch that an automatic tool will introduce
>> and
>>> to insure that someone has looked at it.
>>> Seems like it is time consuming the first time but then it should be
>>> incremental thus not that hard.
>>> 
>>> 
>>> 
>>> On Wed, Apr 18, 2018 at 8:45 AM, Julian Hyde <jhyde.apache@xxxxxxxxx>
>> wrote:
>>> 
>>>> The main tool to use is Apache RAT. Definitely use that.
>>>> 
>>>> One of the hardest tasks is getting the contents of LICENSE and NOTICE
>>>> right. That is a manual task I’m afraid.
>>>> 
>>>> Julian
>>>> 
>>>>> On Apr 18, 2018, at 08:34, Gian Merlino <gianmerlino@xxxxxxxxx>
>> wrote:
>>>>> 
>>>>> Hi Slim,
>>>>> 
>>>>> Do you know if ORC & Hive use this tool as part of their release
>> process?
>>>>> And if it's considered a good tool by itself for verifying we meet
>> all of
>>>>> the Apache licensing requirements, or if we'll need something else
>> too?
>>>>> 
>>>>>> On Tue, Apr 17, 2018 at 9:15 PM, Slim Bouguerra <bslim@xxxxxxxxxx>
>>>> wrote:
>>>>>> 
>>>>>> One of the question last dev synch was about the generation of
>>>> dependency
>>>>>> licenses.
>>>>>> Some projects (ORC and Hive) use the maven site plugin that can
>>>> generates
>>>>>> reports with all the dependencies and licenses details.
>>>>>> I have run it on Druid and this is how it looks for Druid Api
>> Module.
>>>>>> cmd
>>>>>> 
>>>>>> mvn project-info-reports:dependencies
>>>>>> 
>>>>>> The site directory can be found under target/site
>>>>>> here is an example for one module
>>>>>> https://drive.google.com/file/d/1P8R0kZjp8zP4WSOVrKdlJF7Xr8-
>>>>>> OI7Oe/view?usp=sharing
>>>>>> 
>>>>>> Also no fancy tools used to detect unwanted licenses, it is done
>> while
>>>>>> reviewing PR
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> ------------------------------------------------------------
>> ---------
>>>>>> To unsubscribe, e-mail: dev-unsubscribe@xxxxxxxxxxxxxxxx
>>>>>> For additional commands, e-mail: dev-help@xxxxxxxxxxxxxxxx
>>>>>> 
>>>> 
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: dev-unsubscribe@xxxxxxxxxxxxxxxx
>>>> For additional commands, e-mail: dev-help@xxxxxxxxxxxxxxxx
>>>> 
>>>> 
>>> 
>>> 
>>> --
>>> 
>>> B-Slim
>>> _______/\/\/\_______/\/\/\_______/\/\/\_______/\/\/\_______/\/\/\_______
>>> 
>> 
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe@xxxxxxxxxxxxxxxx
>> For additional commands, e-mail: dev-help@xxxxxxxxxxxxxxxx
>> 
>> 


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: dev-help@xxxxxxxxxxxxxxxx