On Wed, 15 Jul 2015, Ingo Wiarda wrote:
generating a list of all licenses is a good idea. The last thing you want for your product is to discover that the most recent version of a dependency is AGPL'ed, if you plan to publish under another license.
I think there are some maven plugins you can use to help with this, but that won't catch the case where the pom says eg Apache v2 but there's eg one LGPL file in the new version. A tool like Apache Creadur (formerly Rat) can help with checking for files that are missing licenses or have a different license header to what you'd expect.
Nick
