1. Since we don't publish the dependencies HTML, fixing it isn't really a priority. Although if you have a reasonable fix, we'd be happy to accept it.
2. When building myself, I see the license listed as EPL with a correct link. 3. I don't see any way that Calcite could be considered as derived from jsr305. Furthermore, it has been used by many Apache projects for years without issue so I don't think there's a practical concern there. 4. As long as the update doesn't break compatibility and all tests pass, we generally accept updates to the latest versions of dependencies. But someone needs to take the initiative. Dependencies are often not updated unless a committer is actively working on that part of the code or there's a request for it. -- Michael Mior [email protected] 2018-01-28 7:43 GMT-05:00 Alexey Roytman <[email protected]>: > Hello, gurus! > When I do in my project (separate tree from Calcite, but calcite-core in > dependencies): > mvn clean site -U -Dhttp.proxyHost=... -Dhttp.proxyPort=... > -Dhttps.proxyHost=... -Dhttps.proxyPort=... > And then, I look at the target/site/dependencies.html file... > > And here are my 4 questions: > > 1. The following are interesting ones: > https://calcite.apache.org/calcite-core > https://calcite.apache.org/calcite-linq4j > https://calcite.apache.org/avatica/avatica-core > https://calcite.apache.org/avatica/avatica-metrics > http://hc.apache.org/httpcomponents-client > https://datasketches.github.io/memory/ > https://datasketches.github.io/sketches-core/ > https://github.com/julianhyde/aggdesigner/aggdesigner-algorithm > http://docs.codehaus.org/display/JANINO/Home/commons-compiler > http://docs.codehaus.org/display/JANINO/Home/janino > https://github.com/hamcrest/JavaHamcrest/hamcrest-core > https://developers.google.com/protocol-buffers/protobuf-java/ > https://github.com/google/guava/guava > They are inaccessible. > Is there any way for me (or us) to fix that? Or only Maven component owner > can do that? > > 2. The JUnit shows CPLv1 license (with broken URL of: > https://opensource.org/licenses/cpl1.0.txt) > But the actual license (http://junit.org/junit4/license.html) is EPL > (Eclipse Public License). > Anyway to fix that? > > 3. The calcite-core depends on a findbugs/jsr305. I hope a lot that > Calcite is not defined "derived work" in this case. Because for findbugs > there is some unexplained mix (https://github.com/findbugspr > oject/findbugs/issues/128) of LGPLv2 and NewBSD (for JSR305)... Any > comments? > > 4. What are the policies of Calcite to update dependencies to newer > version? > > - Alexey. > >
