On Thu, 2020-04-23 at 10:37 +0300, Vladimir Sitnikov wrote:

The below is based on the implementation of the automatic checker for Apache JMeter (Java, Gradle if that matters).
Tony>The expectation is that when importing a third party package, a human examines the license terms and picks the applicable one for their code base in the case of a choice

Can you please clarify if you expect that every dependency declaration in Bazel should duplicate the license terms for the dependency?

In copyleft cases (which are the most important compliance cases in many respects) you have to provide the text of the license, so why not include all the license terms?

It looks like your design requires to specify each and every license terms individually, even though the package itself could its terms.

In my experience, package managers do a terrible job of providing correct and corresponding license info. I'm thinking of Maven and Yocto here, not Debian's APT, which does a stellar job.

Regards,

Jeremiah
