ivankelly commented on issue #888: Rework of binary distribution licenses
URL: https://github.com/apache/bookkeeper/pull/888#issuecomment-352890209

> How do you guarantee the notice/license files can always be correct?

We assume that, for a given version, the notice and license files will not change, which is a safe assumption to make.

I'm dubious as to whether it will be possible to pull in NOTICE files automatically. We would have to pull in every NOTICE file, which isn't really necessary. And then someone would have to check the contents of the pulled-in NOTICE file to ensure everything is ok.

If we make the pulling of licenses automatic, then they will only ever be checked at release time. At release time, all dependencies need to be checked, and when there's so much to check, people are likely to just give it a quick glance, and +1 it, without actually checking each dependency.

I would prefer that the work in manually checking dependencies occurs as part of the development process, each time we update a dependency. At this time, there will be a smaller subset of the dependencies changing, so it can be reviewed more carefully. The submitter will be able to take their time with it, and the reviewer will be able to give each dependency their full attention. Once a license/notice has been updated for a version of the dependency, it shouldn't need to be looked at again (as licenses/notices don't change within a single version).
