Hi ! I have checked all the LDAP API dependencies this week-end. We don't have many being used in the resulting package, most of them are just used for tests.
Here are the 'compile' scope dependencies : org.slf4j:slf4j-api:jar:1.7.25 org.slf4j:slf4j-log4j12:jar:1.7.25 log4j:log4j:jar:1.2.17 antlr:antlr:jar:2.7.7 org.apache.servicemix.bundles:org.apache.servicemix.bundles.antlr:jar:2.7.7_5 org.apache.servicemix.bundles:org.apache.servicemix.bundles.dom4j:jar:1.6.1_5 org.apache.servicemix.bundles:org.apache.servicemix.bundles.xpp3:jar:1.1.4c_7 xml-apis:xml-apis:jar:1.0.b2 That means the licenses for those dependencies must be present and up-todate in our N&L. o slf4j 1.7.25 : we are still referencing the slf4j 1.7.10 license. I changed that (note that the current version's license [1] date stops at 2017, I have contacted Ceki about it) o log4j 1.2.17: this is an apache project, and version 1.X has reached EOL in 2015 It's about time to upgrade to 2.11.1, the latest version o antlr 2.7.7: surprisingly, there is nothing about it in LICENSE, but OTOH, its license [2] does not require we add it. Credits is (lightly) given in the distribution NOTICE file. I do think we should give credit to antlr in a more visible place, like on the web site ([3]) o xml-apis is an Apache jar, from xml-commons o servicemix bundle : those are the one that I have to investgate. Here, there are 3 transitive dependencies, and we need to check if we reference teh license properly [1] https://www.slf4j.org/license.html [2] http://www.antlr2.org/license.html [3] http://directory.apache.org/special-thanks.html -- Emmanuel Lecharny Symas.com directory.apache.org
pEpkey.asc
Description: application/pgp-keys
