Hi Felix On 30.05.2008 10:30:53 Felix Meschberger wrote: > Hi Jeremias, > > Am Freitag, den 30.05.2008, 10:22 +0200 schrieb Jeremias Maerki: > > I'm looking for a list of dependencies for Jackrabbit including their > > licenses. Can anyone give me a pointer? > > The non-Apache licensed dependencies should be listed in the NOTICE file > along with references to their respective license.
Unfortunately, that's not the case for org.textmining, for example: http://svn.apache.org/viewvc/jackrabbit/tags/1.4/jackrabbit-text-extractors/NOTICE.txt?view=markup http://svn.apache.org/viewvc/jackrabbit/tags/1.4/jackrabbit-text-extractors/LICENSE.txt?view=markup http://svn.apache.org/viewvc/jackrabbit/tags/1.4/jackrabbit-text-extractors/README.txt?view=markup http://svn.apache.org/viewvc/jackrabbit/tags/1.4/jackrabbit-text-extractors/pom.xml?view=markup The same applies to SLF4J, as another example. > All dependencies > should be available from the POM file -- running the maven dependency > report (the project-info-reports:dependencies goal might be your > friend). I tried "project-info-reports:dependencies" but it doesn't list the licenses on the dependencies themselves. The top-level report just says that there are no dependencies. Running the report for each module is not giving me much more. I still have to track down the license manually for each non-ASF artifact via the project URLs. In the case of the org.textmining dependency the license prior to 1.0 (now LGPL) cannot even be determined since the JAR doesn't contain information about the license and the authors didn't use branch/tag for the 0.4 release. Stuff like that makes a license audit very difficult. In the end, I don't think Maven can be our friend at the moment to provide the necessary information for a license audit. Even the POMs lack the necessary entries. And what if, as in the case of org.textmining, the license suddenly changes? > Maybe we should add the ouput of this report to the Jackrabbit site -- > if it ain't there and my eyes are too week today ? I haven't found it. Yes, please add such a report. Or better even: a section in the top-level README.txt that lists all dependencies with their licenses. Something like the following would make the job much easier: http://svn.apache.org/viewvc/xmlgraphics/fop/trunk/lib/README.txt?revision=638396 > Hope this helps. > > Regards > Felix Thanks, Jeremias Maerki
