jihoonson opened a new pull request #7998: Binary license management system URL: https://github.com/apache/incubator-druid/pull/7998 ### Motivation We are currently maintaining LICENSE.BINARY file manually. The way we do now is 1) Generating dependency reports using maven and npm 2) Compare the licenses in LICENSE.BINARY against generated reports 3) Fix LICENSE.BINARY if something is wrong This is a huge burden for the release manager since we have tons of binary dependency. We should automate this check. ### Description This PR adds a binary license management system. All binary licenses are maintained in `license.yaml` file. Here is a snippet of the file. ```yaml name: modified portions of the Guava library license_category: source license_name: Apache License version 2.0 module: java-core copyright: The Guava Authors (https://github.com/google/guava) source_paths: - Closer class: core/src/main/java/org/apache/druid/java/util/common/io/Closer.java - Splitter.splitToList() method: core/src/main/java/org/apache/druid/java/util/common/parsers/DelimitedParser.java - DirectExecutorService class: core/src/main/java/org/apache/druid/java/util/common/concurrent/DirectExecutorService.java --- name: Checker Qual license_category: binary module: java-core license_name: MIT License version: 2.5.7 copyright: the Checker Framework developers license_file_path: licenses/bin/checker-qual.MIT libraries: - org.checkerframework: checker-qual ``` Note that `skip_dependency_report_check` is set to true for some licenses. For `FindBugs JSR305`, it's set to true since maven dependency plugin reports a wrong license (LGPL). Note that `FindBugs` is licensed under LGPL but `JSR305` is licensed under [BSD-3 license](https://github.com/findbugsproject/findbugs/blob/2.0.1/findbugs/licenses/LICENSE-jsr305.txt). This script also skips dependency report check for `"Java Concurrency In Practice" Book Annotations` since it points to a book and doesn't have a valid library version. `docs/_bin/generate-license.py` reads this file, checks the registered licenses with maven dependency report, and generates the contents of `LICENSE.BINARY` file. You can run this program as below: ```bash $ docs/_bin/generate-license-dependency-reports.py /path/to/druid/source/code /path/to/root/of/license-reports/ $ docs/_bin/generate-license.py license.yaml /path/to/root/of/license-reports/ > LICENSE.BINARY ``` The generated `LICENSE.BINARY` file is a little bit different from the current one, mostly because of the difficulty of auto generation. I will adjust `distribution/pom.xml` to generate LICENSE.BINARY when building binary distribution in a follow-up PR. I will also set up Travis to run license check automatically.
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
