Pil0tXia commented on issue #4720: URL: https://github.com/apache/eventmesh/issues/4720#issuecomment-1882749199
@vy In your experience and knowledge, do you think our LICENSE and dependency management are excessively configured? For example, we attach a txt file for every third-party dependency (e.g., `tools/third-party-licenses/licenses/java/LICENSE-log4j-api.txt`). Is it necessary to declare the licenses of these dependencies again in `tools/third-party-licenses/LICENSE`? Regarding dependency management, I haven't seen any other projects using the `tools/dependency-check/known-dependencies.txt` file. The RocketMQ project doesn't perform dependency checks, while Kafka uses [a Gradle plugin](https://github.com/apache/kafka/blob/cce63274f2fdf9a4db014e2bae8019677b2cd7b2/build.gradle#L755-L758) with minimal configuration. Does this mean that the `tools/dependency-check/known-dependencies.txt` file is redundant? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
