Hi Emmanuel, Is there a wiki page or something that you are aware of at Apache that clearly lays out what the obligations of projects are for licenses + notice files for third party dependencies? It's something I've yet to clearly wrap my head around.
Colm. On Mon, May 8, 2017 at 10:22 AM, Emmanuel Lecharny <[email protected]> wrote: > As soon as I'll beback home ! > > > Le lun. 8 mai 2017 à 09:27, Li, Jiajia <[email protected]> a écrit : > > > I've added the slf4j N&L, mockito N&L, netty's NOTICE, hamcrest N&L, > > bouncycastle N&L(used by netty, but not included in it's N&L), > > Jline N&L(used by zookeeper, but not included in it's N&L) > > You can find out the NOTICE at NOTICE file, the licenses in LICENSE file > > and license/ folder. > > > > I also checked the following: > > >>> Check the google gson N&L files. > > Gson is released under the Apache 2.0 license. > > > > >>>check the nimbus-jose-jwt N&L > > The library source code is provided under the Apache 2.0 license. > > > > >>>nimbus-jose-jwt has itself some dependencies that requires some N&L > > (potentially, that has to be checked) : > > >>>jcip-annotations, json-smart and bcprov-jdk15on > > jcip-annotations, json-smart are under Apache 2.0 license, and I've added > > bouncycastle license > > > > And checked the transitive dependencies: > > commons-io: AL 2.0 > > log4j: AL 2.0 > > junit: AL 2.0 > > > > @ Emmanuel, could you review the changes? > > > > Thanks > > Jiajia > > > > > > -----Original Message----- > > From: Emmanuel Lécharny [mailto:[email protected]] > > Sent: Monday, May 8, 2017 12:18 PM > > To: [email protected] > > Subject: Questions about the release > > > > Hi guys, > > > > > > I have checked all the modules, and their dependencies. Here is the > result > > : > > > > > > kerby-all -> test[junit, assertj-core] : OK, no N&L, test > > > > | > > > > +-- kerby-common -> [commons.io] : OK, no N&L, Apache > > +-- kerby-pkix -> [slf4j-api], test[slf4j-simple, mockito-core] : Need > to > > add the slf4j N&L > > +-- kerby-kerb > > > > | | > > > > | +-- kerb-core -> OK > > > > | +-- kerb-common -> [commons.io] : OK, no N&L, Apache > > | +-- kerb-util -> test[mockito-core] : OK, no N&L, test > > | +-- kerb-crypto -> OK > > | +-- kerb-identity -> OK > > | +-- kerb-identity-test -> test, no N&L > > | +-- kerb-client -> test[mockito-core]: OK, no N&L, test > > | +-- kerb-server -> test[slf4j-simple]: OK, no N&L, test > > | +-- kerb-kdc-test -> test, no N&L > > | +-- integration-test -> test, no N&L > > | +-- kerb-admin -> OK > > | +-- kerb-admin-server -> OK > > | +-- kerb-simplekdc -> OK > > | +-- kerb-client-api-all -> OK > > | +-- kerb-server-api-all -> OK > > +-- kerby-kdc -> [netty-transport, netty-handler, netty-common, > > netty-codec, netty-buffer, slf4j-api] : Need to add the mockito mockito > > N&L, add the netty's NOTICE file > > > > +-- kerby-tool > > > > | | > > > > | +-- client-tool -> OK > > | +-- kdc-tool -> OK > > > > +-- kerby-kdc-test -> test, no N&L > > +-- kerby-backend > > > > | | > > > > | +-- ldap-backend -> test[slf4j-simple], OK, no N&L, test > > | +-- mavibot-backend -> test[slf4j-simple], OK, no N&L, test > > | +-- json-backend -> [com.google.code.gson], test[slf4j-simple] : > > Check the google gson N&L files. > > | +-- zookeeper-backend-> OK > > > > +-- kerby-dist > > > > | | > > > > | +-- kdc-dist -> [netty, gson, slf4j-api, slf4j-log4j12] : Check > > the google gson N&L files. need to add the slf4j N&L, add the netty's > > NOTICE file > > | +-- tool-dist-> [slf4j-api, slf4j-log4j12] : Need to add the slf4j > > N&L > > > > +-- benchmark -> benchmarks, no N&L > > +-- kerby-provider > > > > | > > > > +- token-provider -> [nimbus-jose-jwt] -> check the nimbus-jose-jwt > > N&L > > > > > > AFAICT, there are not that many missing bits, but there is one more step > > to complete : check the transitive depndencies. > > > > Running mvn dependency:tree on modules which have external dependencies > > should give the required informations. Typically, on token-provider, here > > is what it gives : > > > > > > MacBook-Pro:token-provider elecharny$ mvn dependency:tree Java > HotSpot(TM) > > 64-Bit Server VM warning: ignoring option MaxPermSize=256M; support was > > removed in 8.0 [INFO] Scanning for projects... > > [INFO] > > > > [INFO] > > ------------------------------------------------------------------------ > > [INFO] Building Token provider 1.0.0 > > [INFO] > > ------------------------------------------------------------------------ > > [INFO] > > [INFO] --- maven-dependency-plugin:2.10:tree (default-cli) @ > > token-provider --- [INFO] org.apache.kerby:token-provider:jar:1.0.0 > > [INFO] +- org.apache.kerby:kerb-core:jar:1.0.0:compile > > [INFO] | \- org.apache.kerby:kerby-pkix:jar:1.0.0:compile > > [INFO] | +- org.apache.kerby:kerby-asn1:jar:1.0.0:compile > > [INFO] | +- org.apache.kerby:kerby-util:jar:1.0.0:compile > > [INFO] | \- org.slf4j:slf4j-api:jar:1.7.25:compile > > [INFO] +- com.nimbusds:nimbus-jose-jwt:jar:3.10:compile > > [INFO] | +- net.jcip:jcip-annotations:jar:1.0:compile > > [INFO] | +- net.minidev:json-smart:jar:1.3.1:compile > > [INFO] | +- org.bouncycastle:bcprov-jdk15on:jar:1.52:compile > > [INFO] | \- commons-io:commons-io:jar:2.4:compile > > [INFO] +- junit:junit:jar:4.12:test > > [INFO] | \- org.hamcrest:hamcrest-core:jar:1.3:test > > [INFO] \- org.assertj:assertj-core:jar:2.6.0:test > > [INFO] > > ------------------------------------------------------------------------ > > [INFO] BUILD SUCCESS > > [INFO] > > ------------------------------------------------------------------------ > > [INFO] Total time: 1.527 s > > [INFO] Finished at: 2017-05-08T06:14:52+02:00 [INFO] Final Memory: > > 15M/247M [INFO] > > ------------------------------------------------------------------------ > > > > > > As we can see, nimbus-jose-jwt has itself some dependencies that requires > > some N&L (potentially, that has to be checked) : > > jcip-annotations, json-smart and bcprov-jdk15on. If nimbus-jose-jwt has > > done its job properly, its N&L files should already contain the required > > bits, but we must check. > > > > > > This tas has to be ran on all the modules that have noapache and > non-tests > > dependencies... > > > > > > -- > > Emmanuel Lecharny > > > > Symas.com > > directory.apache.org > > > > -- > Regards, > Cordialement, > Emmanuel Lécharny > www.iktek.com > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
