​Here is my analysis of our third party licenses. Using this history as a guide: https://www.mail-archive.com/[email protected]/msg00969.html and this : https://issues.apache.org/jira/browse/RYA-177
in order: the good, the bad, the to-do: ### BSD good from: http://asm.ow2.org/license.html (Unknown license) ASM Core (asm:asm:3.1 - http://asm.objectweb.org/asm/ ) ### already excluded, see RYA-200 Remove findbugs:jsr305 Dependency (GNU Lesser Public License) FindBugs-Annotations (com.google.code.findbugs:annotations:2.0.2 - http://findbugs.sourceforge .net/) ### apache project (Unknown license) commons-beanutils (commons-beanutils:commons- beanutils:1.7.0 - no url defined) ### Already exclusion from another library, its OKAY (HSQLDB License) HSQLDB (hsqldb:hsqldb:1.8.0.10 - http://hsqldb.org/) ### used by many Apache projects (Unknown license) servlet-api (javax.servlet:servlet-api:2.5 - no url defined) (Unknown license) jsp-api (javax.servlet.jsp:jsp-api:2.1 - no url defined) (Common Public License Version 1.0) JUnit (junit:junit:4.8.2 - http://junit.org) ### BSD license good from http://www.antlr.org/about.html (Unknown license) Antlr 3.4 Runtime (org.antlr:antlr-runtime:3.4 - http://www.antlr.org) ### apache (Unknown license) Jettison (org.codehaus.jettison:jettison:1.1 - no url defined) ### Apache licenced, all spring stuff (Unknown license) spring-aop (org.springframework:spring- aop:3.0.5.RELEASE) (Unknown license) spring-asm (org.springframework:spring- asm:3.0.5.RELEASE) (Unknown license) spring-beans (org.springframework:spring- beans:3.0.5.RELEASE) (Unknown license) spring-context (org.springframework:spring- context:3.0.5.RELEASE) (Unknown license) spring-context-support (org.springframework:spring- context-support:3.0.7.RELEASE (Unknown license) spring-core (org.springframework:spring- core:3.0.5.RELEASE (Unknown license) spring-expression (org.springframework:spring- expression:3.0.5.RELEASE (Unknown license) spring-tx (org.springframework:spring- tx:3.0.5.RELEASE ############## end of good. ### MIT- with evil clause ( "The Software shall be used for Good, not Evil." from http://www.json.org/license.html ) Consider replaceing with this drop in replacement: https://mvnrepository.com/artifact/com.tdunning/json from: https://stackoverflow.com/questions/10396176/org-json-jar-provisioning (provided without support or warranty) JSON (JavaScript Object Notation) (org.json:json:20090211 - http://www.json.org/java/index.html) ### BAD I don't know about JMH libs: (GNU General Public License (GPL), version 2, with the Classpath exception) JMH Core (org.openjdk.jmh:jmh-core:1.13 - http://openjdk.java.net/projects/code-tools/jmh/jmh-core/) (GNU General Public License (GPL), version 2, with the Classpath exception) JMH Generators: Annotation Processors (org.openjdk.jmh:jmh-generator-annprocess:1.13 - http://openjdk.java.net/projects/code-tools/jmh/jmh-generator-annprocess/) ############That is as far as I got. TODO: (Unknown license) oro (oro:oro:2.0.8 - no url defined) (Unknown license) regexp (regexp:regexp:1.3 - no url defined) (Unknown license) org.osgi.compendium (org.osgi:org.osgi.compendium: 4.2.0) (Unknown license) org.osgi.core (org.osgi:org.osgi.core:4.2.0 ) (Jython Software License) Jython (org.python:jython:2.5.3 - http://www.jython.org/)
