yeah. I can take this one and prepare a script
On 2019/04/10 02:30:16, Ian Luo <[email protected]> wrote: > Let's introduce a convenient script first and put it in the root directory. > YuKun, would you mind to take this? > > Thanks, > -Ian. > > On Tue, Apr 9, 2019 at 5:47 PM YunKun Huang <[email protected]> wrote: > > > Yeah. this check process is slow in my local machine. > > I agree with doing it manually > > > > On 2019/04/09 03:29:35, Huxing Zhang <[email protected]> wrote: > > > Hi, > > > > > > On Tue, Apr 9, 2019 at 11:14 AM YunKun Huang <[email protected]> wrote: > > > > > > > > Should we add this check in travis CI or do this check each time for a > > new dependency added > > > > > > The problem is that not every time a new dependency will be added, and > > > the process will take too much time in my local test. My concerns is > > > that UT will take much longer to finish. > > > So I suggest to check it manually when new dependency is added (the > > > reviewer should check the dependencies when doing code review) and > > > when doing release vote. > > > How do you think? > > > > > > > > > > > On 2019/04/08 06:09:56, Ian Luo <[email protected]> wrote: > > > > > Great, let's target it to 2.7.2. I have moved the issue [1] into > > 2.7.2's > > > > > bucket. > > > > > > > > > > -Ian. > > > > > > > > > > 1. https://github.com/apache/incubator-dubbo/issues/3804 > > > > > > > > > > On Tue, Apr 2, 2019 at 5:59 PM Huxing Zhang <[email protected]> > > wrote: > > > > > > > > > > > Hi, > > > > > > > > > > > > It looks like the dependencies with incompatible licenses have been > > > > > > removed on the Nacos side. > > > > > > So I think Dubbo should upgrade to the latest version once there > > is a > > > > > > release. > > > > > > > > > > > > On Tue, Apr 2, 2019 at 10:28 AM Ian Luo <[email protected]> wrote: > > > > > > > > > > > > > > We should contact nacos's developer to fix this dependency issue. > > > > > > > > > > > > > > -Ian. > > > > > > > > > > > > > > On Mon, Apr 1, 2019 at 6:15 PM Huxing Zhang <[email protected]> > > wrote: > > > > > > > > > > > > > > > Hi, > > > > > > > > > > > > > > > > When I am looking at this issue[1], I realized that Dubbo may > > have the > > > > > > > > same issue. > > > > > > > > From Dubbo 2.7.1 and 2.6.6 onwards the Nacos support has been > > added, > > > > > > > > where the following dependency has been added: > > > > > > > > > > > > > > > > <dependency> > > > > > > > > <groupId>com.alibaba.nacos</groupId> > > > > > > > > <artifactId>nacos-client</artifactId> > > > > > > > > <version>${nacos.version}</version> > > > > > > > > <optional>true</optional> > > > > > > > > </dependency> > > > > > > > > > > > > > > > > which depend on the following dependencies: > > > > > > > > > > > > > > > > <dependency> > > > > > > > > <groupId>org.codehaus.jackson</groupId> > > > > > > > > <artifactId>jackson-mapper-lgpl</artifactId> > > > > > > > > </dependency> > > > > > > > > > > > > > > > > <dependency> > > > > > > > > <groupId>com.github.spotbugs</groupId> > > > > > > > > <artifactId>spotbugs-annotations</artifactId> > > > > > > > > <optional>true</optional> > > > > > > > > </dependency> > > > > > > > > > > > > > > > > which is LGPL v2.1 licensed. > > > > > > > > > > > > > > > > This means nacos-client should not be Apache Licensed as > > claimed, and > > > > > > > > Dubbo could not depend on nacos-client. > > > > > > > > > > > > > > > > I have contacted the Nacos team they are addressing this issue. > > > > > > > > > > > > > > > > My question is how to avoid this kind of issue? > > > > > > > > Should we check every newly added dependency for license > > compatibility? > > > > > > > > Is there any tools which can do automatic scanning? > > > > > > > > > > > > > > > > [1] https://github.com/apache/incubator-skywalking/pull/2422 > > > > > > > > > > > > > > > > -- > > > > > > > > Best Regards! > > > > > > > > Huxing > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > > Best Regards! > > > > > > Huxing > > > > > > > > > > > > > > > > > > > > > > > -- > > > Best Regards! > > > Huxing > > > > > >
