[
https://issues.apache.org/jira/browse/SOLR-15465?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17360664#comment-17360664
]
Dawid Weiss commented on SOLR-15465:
------------------------------------
I see what bothers you.
I think what's needed is essentially a filter on what gets included in the
distribution - the sources (in git) could still use the same existing
structure. I believe you could relatively easily determine which licenses to
include if you scanned just the jars that are included in one (or more) gradle
configurations for a set of shipped modules. Say, just the elements of runtime
configuration (this would omit all the tests, etc.). Then it becomes a
distribution-assembly filter (the license, notice and sha would still have to
live in the repository, undergoing all the usual checks).
Alternatively, you could do the same and split the location of license files
between various configurations but it may require duplicated entries then (or
some other juggling at the build level).
Currently the code that collects jars for dependency checks just assembles all
four gradle configurations - it's here:
https://github.com/apache/solr/blob/main/gradle/validation/jar-checks.gradle#L72-L89
You can tweak that code to include a subset of those configs or try to split
them into test/ runtime like I mentioned above.
> Do not require LICENSE and NOTICE files for test-dependencies
> -------------------------------------------------------------
>
> Key: SOLR-15465
> URL: https://issues.apache.org/jira/browse/SOLR-15465
> Project: Solr
> Issue Type: Bug
> Security Level: Public(Default Security Level. Issues are Public)
> Components: Build
> Reporter: Jan Høydahl
> Assignee: Jan Høydahl
> Priority: Major
>
> Our current build (and the ant build before it) checks that every single jar,
> even test dependencies, have a .sha1 file in licenses/ folder along with a
> LICENSE file and optinally a NOTICE file.
> However, according to [https://infra.apache.org/licensing-howto.html] we only
> need to supply LICENSE/NOTICE files for bits we ship, either as copy/pasted
> source code in the source dist or jar deps in the binary dist.
> Thus, I think we can stop shipping those LICENSE/NOTICE files for deps that
> we never distribute. Perhaps the sha1 files should remain for extra
> validation of binaries pulled from mvn, I don't know.
> [~dsmiley] [~dweiss]
> This probably goes for the Lucene build too.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
