[
https://issues.apache.org/jira/browse/HBASE-16260?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15388722#comment-15388722
]
Andrew Purtell commented on HBASE-16260:
----------------------------------------
bq. bigger question: why don't we have a tool to properly catch dependencies
that say they're only available under incompatible licenses?
By "we" do you mean HBase as opposed to the whole ASF? ASF-wide I think we'd
look to RAT as the tool which could do this conceivably after suitable
enhancement.
bq. I'm not sure where the beanshell dependency comes from yet.
As with XOM, the ESAPI stuff:
{noformat}
[INFO] +- org.owasp.esapi:esapi:jar:2.1.0.1:compile
...
[INFO] | +- xom:xom:jar:1.2.5:compile
...
[INFO] | +- org.beanshell:bsh-core:jar:2.0b4:compile
{noformat}
> Audit dependencies for Category-X
> ---------------------------------
>
> Key: HBASE-16260
> URL: https://issues.apache.org/jira/browse/HBASE-16260
> Project: HBase
> Issue Type: Task
> Components: community, dependencies
> Affects Versions: 2.0.0, 1.2.0, 1.3.0, 1.2.1, 1.1.4, 1.0.4, 1.1.5, 1.2.2
> Reporter: Sean Busbey
> Assignee: Sean Busbey
> Priority: Blocker
> Fix For: 2.0.0, 1.1.6, 1.2.3
>
>
> Make sure we do not have category x dependencies.
> right now we atleast have an LGPL for xom:xom (thanks to PHOENIX-3103 for the
> catch)
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
