Hi, We are going to use Apache ODE in a project with involvement of industry partners. There, we are obliged to proof all (transitive) dependencies ODE uses, in order to guarantee that all of them apply to the Apache License Version 2.0. Unfortunately, we were not able to (automatically) retrieve/find the source code for 15 of the 83 dependencies (from Maven Central) which are packaged into the final ODE WAR distribution and therefore cannot check what licenses these dependencies REALLY have:
1. annogen:annogen:jar:sources:0.1.0 2. org.apache.derby:derby:jar:sources:10.5.3.0_1 3. org.apache.derby:derbytools:jar:sources:10.5.3.0_1 4. tranql:tranql-connector:jar:sources:1.1 5. org.apache.geronimo.specs:geronimo-j2ee-connector_1.5_spec:jar:sources:1.0 6. org.apache.velocity:velocity:jar:sources:1.5 7. net.sourceforge.serp:serp:jar:sources:1.13.1 8. org.jibx:jibx-run:jar:sources:1.2.1 9. commons-primitives:commons-primitives:jar:sources:1.0 10. geronimo-spec:geronimo-spec-jms:jar:sources:1.1-rc4 11. org.apache.santuario:xmlsec:jar:sources:1.4.6 12. org.apache.xmlbeans:xmlbeans:jar:sources:2.6.0 13. org.opensaml:opensaml1:jar:sources:1.1 14. org.apache.axis2:axis2-transports:jar:sources:1.0-i6 15. stax:stax-api:jar:sources:1.0.1 The question is, if someone of the ODE team already has transitively checked all related licenses of the used dependencies when open sourcing Apache ODE so that we can rely on your checks? Otherwise, would it be potentially possible that someone can provide us the source code for all dependencies bundled within the WAR distribution of Apache ODE so that we can check them? Cheers, Oliver