Thanks Bertrand for taking a look. Here is what I found about dependencies:
2017-10-11 11:47 GMT+02:00 Bertrand Delacretaz <[email protected]>: > > 3) Having a DEPENDENCIES file would make it much easier to validate > third-party dependencies, see this recent thread: > > https://lists.apache.org/thread.html/b82a116ec77639c49528d654a488ff > 354ca8edfb8f4f380865762275@%3Cdev.netbeans.apache.org%3E > > Right now, " mvn dependency:tree" lists some unfamiliar dependencies, > having their license in DEPENDENCIES would help validate them. > > I've added the plugin as: incubator-netbeans-html4j$ git diff diff --git a/pom.xml b/pom.xml index 72799a5..e19f727 100644 --- a/pom.xml +++ b/pom.xml @@ -201,6 +201,29 @@ org.netbeans.html.boot.impl:org.netbeans.html.boot.fx:org.netbeans.html.context. <useMavenDefaultExcludes>false</useMavenDefaultExcludes> </configuration> </plugin> + + <plugin> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-remote-resources-plugin</artifactId> + <version>1.4</version> + <executions> + <execution> + <goals> + <goal>process</goal> + </goals> + <phase>validate</phase> + <configuration> + <resourceBundles> + <!-- Will generate META-INF/DEPENDENCIES + META-INF/LICENSE META-INF/NOTICE --> + <resourceBundle>org.apache:apache-jar-resource-bundle:1.4</resourceBundle> + <!-- Will generate META-INF/DISCLAIMER --> + <resourceBundle>org.apache:apache-incubator-disclaimer-resource-bundle:1.1</resourceBundle> + </resourceBundles> + </configuration> + </execution> + </executions> + </plugin> </plugins> <pluginManagement> <plugins> and based on that a lot of files were generated in indivudual project target directories: incubator-netbeans-html4j$ find | grep DEPEND ./equinox-agentclass-hook/target/maven-shared-archive-resources/META-INF/DEPENDENCIES ./equinox-agentclass-hook/target/classes/META-INF/DEPENDENCIES ./equinox-agentclass-hook/target/test-classes/META-INF/DEPENDENCIES ./sound/target/maven-shared-archive-resources/META-INF/DEPENDENCIES ./sound/target/classes/META-INF/DEPENDENCIES ./sound/target/test-classes/META-INF/DEPENDENCIES ./boot-agent-test/target/maven-shared-archive-resources/META-INF/DEPENDENCIES ./boot-agent-test/target/classes/META-INF/DEPENDENCIES ./boot-agent-test/target/test-classes/META-INF/DEPENDENCIES ./geo/target/maven-shared-archive-resources/META-INF/DEPENDENCIES ./geo/target/classes/META-INF/DEPENDENCIES ./geo/target/test-classes/META-INF/DEPENDENCIES ./ko-felix-test/target/maven-shared-archive-resources/META-INF/DEPENDENCIES ./ko-felix-test/target/classes/META-INF/DEPENDENCIES ./ko-felix-test/target/test-classes/META-INF/DEPENDENCIES ./json-tck/target/maven-shared-archive-resources/META-INF/DEPENDENCIES ./json-tck/target/classes/META-INF/DEPENDENCIES ./json-tck/target/test-classes/META-INF/DEPENDENCIES ./ko-ws-tyrus/target/maven-shared-archive-resources/META-INF/DEPENDENCIES ./ko-ws-tyrus/target/classes/META-INF/DEPENDENCIES ./ko-ws-tyrus/target/test-classes/META-INF/DEPENDENCIES ./boot-script/target/maven-shared-archive-resources/META-INF/DEPENDENCIES ./boot-script/target/classes/META-INF/DEPENDENCIES ./boot-script/target/test-classes/META-INF/DEPENDENCIES ./xhr4j/target/maven-shared-archive-resources/META-INF/DEPENDENCIES ./xhr4j/target/classes/META-INF/DEPENDENCIES ./xhr4j/target/test-classes/META-INF/DEPENDENCIES ./html4j-maven-plugin/target/maven-shared-archive-resources/META-INF/DEPENDENCIES ./html4j-maven-plugin/target/classes/META-INF/DEPENDENCIES ./html4j-maven-plugin/target/test-classes/META-INF/DEPENDENCIES ./boot/target/maven-shared-archive-resources/META-INF/DEPENDENCIES ./boot/target/classes/META-INF/DEPENDENCIES ./boot/target/test-classes/META-INF/DEPENDENCIES ./target/maven-shared-archive-resources/META-INF/DEPENDENCIES ./ko4j/target/maven-shared-archive-resources/META-INF/DEPENDENCIES ./ko4j/target/classes/META-INF/DEPENDENCIES ./ko4j/target/test-classes/META-INF/DEPENDENCIES ./json/target/maven-shared-archive-resources/META-INF/DEPENDENCIES ./json/target/classes/META-INF/DEPENDENCIES ./json/target/test-classes/META-INF/DEPENDENCIES ./ko-osgi-test/target/maven-shared-archive-resources/META-INF/DEPENDENCIES ./ko-osgi-test/target/classes/META-INF/DEPENDENCIES ./ko-osgi-test/target/test-classes/META-INF/DEPENDENCIES ./boot-fx/target/maven-shared-archive-resources/META-INF/DEPENDENCIES ./boot-fx/target/classes/META-INF/DEPENDENCIES ./boot-fx/target/test-classes/META-INF/DEPENDENCIES ./context/target/maven-shared-archive-resources/META-INF/DEPENDENCIES ./context/target/classes/META-INF/DEPENDENCIES ./context/target/test-classes/META-INF/DEPENDENCIES I assume that is what you want. The content (after filtering Apache and Eclipse licenses) is: incubator-netbeans-html4j$ find | grep DEPEND | xargs cat | grep License: | grep -v "Apache.*2" | grep -v "Eclipse Public License" | sort -u License: BSD (http://asm.objectweb.org/license.html) License: CDDL+GPL (http://glassfish.java.net/public/CDDL+GPL.html) License: Dual license consisting of the CDDL v1.1 and GPL v2 ( http://glassfish.java.net/public/CDDL+GPL_1_1.html) License: Dual license consisting of the CDDL v1.1 and GPL v2 ( https://glassfish.java.net/public/CDDL+GPL_1_1.html) License: provided without support or warranty ( http://www.json.org/license.html) I assume that BSD is fine. In case of dual licensed ones we will choose CDDL which is fine as well, right? Is the [last license]( http://www.json.org/license.html) OK as well? Am I interpreting the output of maven-remote-resources-plugin correctly, or do you think I will have to change the dependencies somehow? Thanks. -jt
