It isn't dependencies per se but ones that might be bundled in any release. For your source distribution it would involve collating license/notice info for any third party source files (if any) used by the project. For your jars, any embedded (jarjar) dependencies. For a bundled "with dependencies" zip it would need to include info about dependencies. Sometimes embedded resources like js or image files might also need to be included.
The "why" is to make it clear to any users of the NLPCraft artifacts, exactly what their restrictions might be. I know there have been some attempts to automate collecting such info but the projects I am involved in are at least part manual. It typically involves 30mins work about once a year for those projects. I can point you to some gradle build files which collate LICENSE/NOTICE fragments into the correct places. The fragments are created manually. Cheers, Paul. On Tue, Apr 7, 2020 at 5:48 AM Aaron Radzinski <[email protected]> wrote: > Mentors, > I'm confused on how to (and why) list licenses for all project's > dependencies. To do it explicitly is a major time sink and it's very hard > to maintain it this way going forward. How do projects approach this in an > automated way? Will this be enough to provide an Apache RAT report? > > I'm sure there's some Maven plugin that's everyone using - I just don't > want to reinvent the wheel here... > > Thank you, > -- > Aaron Radzinski >
