On Mon, Sep 3, 2018 at 1:09 PM, Emmanuel Lécharny <[email protected]> wrote:
> Hi ! > > I have checked all the LDAP API dependencies this week-end. We don't > have many being used in the resulting package, most of them are just > used for tests. > > Here are the 'compile' scope dependencies : > > org.slf4j:slf4j-api:jar:1.7.25 > org.slf4j:slf4j-log4j12:jar:1.7.25 > log4j:log4j:jar:1.2.17 > antlr:antlr:jar:2.7.7 > org.apache.servicemix.bundles:org.apache.servicemix.bundles. > antlr:jar:2.7.7_5 > org.apache.servicemix.bundles:org.apache.servicemix.bundles. > dom4j:jar:1.6.1_5 > org.apache.servicemix.bundles:org.apache.servicemix.bundles. > xpp3:jar:1.1.4c_7 > xml-apis:xml-apis:jar:1.0.b2 > > That means the licenses for those dependencies must be present and > up-todate in our N&L. > > o slf4j 1.7.25 : we are still referencing the slf4j 1.7.10 license. I > changed that (note that the current version's license [1] date stops at > 2017, I have contacted Ceki about it) > > o log4j 1.2.17: this is an apache project, and version 1.X has reached > EOL in 2015 It's about time to upgrade to 2.11.1, the latest version > > I noticed so delay in startup time when log4j 2.x is used, I suspect that latest log4j version takes a bit more time to initialize, I have never encountered this with lg4j1.x. In either case I think it is a good idea to limit the scope of log4j dependency to tests and let the API users decide on the logging implementation to plug. It won't be an incompatible change because API code uses sl4j. > o antlr 2.7.7: surprisingly, there is nothing about it in LICENSE, but > OTOH, its license [2] does not require we add it. Credits is (lightly) > given in the distribution NOTICE file. I do think we should give credit > to antlr in a more visible place, like on the web site ([3]) > > o xml-apis is an Apache jar, from xml-commons > > o servicemix bundle : those are the one that I have to investgate. Here, > there are 3 transitive dependencies, and we need to check if we > reference teh license properly > > [1] https://www.slf4j.org/license.html > [2] http://www.antlr2.org/license.html > [3] http://directory.apache.org/special-thanks.html > -- > Emmanuel Lecharny > > Symas.com > directory.apache.org > > Kiran
