Thanks for your reply Dawid. So it is not automated and we have to check for changes in the License and Notice files whenever we update a dependency. Is that correct?
I am considering adding a note for that in the dev-guide that helps developers find the appropriate license and notice and also include an additional step when adding or updating a dependency to check for updates in these files too. Would that make sense? On Fri, Jul 19, 2024 at 9:03 AM Dawid Weiss <dawid.we...@gmail.com> wrote: > Hi Chrisos, > > I think these files are placed manually when you add/ remove a dependency. > You should also manually review the license and check if it's really > compatible with the ASL (and what it contains). I typically cherry-picked > the license file from the library's repository (at whatever the dependency > revision was); sometimes the license is included in the JAR, but most often > not. > > Dawid > > On Fri, Jul 19, 2024 at 12:37 AM Christos Malliaridis < > c.malliari...@gmail.com> wrote: > > > Hello devs, > > > > I was working on a migration to versions catalog to learn more about the > > gradle configurations and I am now following the changes from > > https://github.com/apache/lucene/pull/13484 (thanks David for the > > reference). > > > > I wanted to figure out how the files in /solr/licenses are generated / > > created, so that I could run some tests to see if the changes I made work > > correctly (behavior of version locking, correct transitive dependency > > resolution, correct identification of missing, deprecated or redundant > > license files etc.). > > > > I went through the guide found in dev guide > > < > > > https://github.com/apache/solr/blob/main/dev-docs/dependency-upgrades.adoc > > > > > and the guide in the Lucene project > > <https://github.com/apache/lucene/blob/main/help/dependencies.txt>, but > > couldn't find any information that tells where or how to retrieve these > > files if a new dependency was added or a dependency was updated. > > > > Does anyone have any pointers for me? Is it just copying the files from > the > > JARs? If so, some license files and / or notice files may be outdated. > > > > Best > > - Christos > > >
