Hi all,

I am preparing my first Apache release and am wondering if I need to check
licenses of all transitive deps if the release contains:

- a single source tarball;
- a few binary JAR artifacts on Nexus that contain no transitive deps in
either binary or source form.

Would it be sufficient to make sure the licenses of all sources comply with
Apache policy in this case? Do I need to check transitive deps in this case?



Reply via email to