You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@druid.apache.org by Slim Bouguerra <bs...@apache.org> on 2018/04/18 04:15:59 UTC
Dependencies licenses Report
One of the question last dev synch was about the generation of dependency
licenses.
Some projects (ORC and Hive) use the maven site plugin that can generates
reports with all the dependencies and licenses details.
I have run it on Druid and this is how it looks for Druid Api Module.
cmd
mvn project-info-reports:dependencies
The site directory can be found under target/site
here is an example for one module
https://drive.google.com/file/d/1P8R0kZjp8zP4WSOVrKdlJF7Xr8-OI7Oe/view?usp=sharing
Also no fancy tools used to detect unwanted licenses, it is done while
reviewing PR
Re: Dependencies licenses Report
Posted by Jihoon Son <gh...@gmail.com>.
Hi Slim,
since all our codes have been imported into Apache, we can start this now.
How's it going with this? Would you let us know what's your plan?
Jihoon
On Tue, Apr 24, 2018 at 1:56 PM Gian Merlino <gi...@apache.org> wrote:
> > you are sure about this? thought the donation paper work is signed right?
>
> Not yet as far as I know; last I heard was a week or so ago.
>
> On Tue, Apr 24, 2018 at 1:41 PM, Slim Bouguerra <sl...@gmail.com>
> wrote:
>
> >
> > > On Apr 24, 2018, at 1:18 PM, Gian Merlino <gi...@apache.org> wrote:
> > >
> > > Do you mean the license headers?
> >
> > Yes, did quick run and was complaining first about our headers and also
> > some of the other files without any headers.
> >
> > > Those, I think, we shouldn't change until
> > > the code is imported into Apache.
> >
> > you are sure about this? thought the donation paper work is signed right?
> >
> > >
> > > If it's possible to use Rat to audit dependency licenses without
> looking
> > at
> > > the license headers of our own files, that would still be useful at
> this
> > > point.
> >
> > Not sure but will look.
> >
> > >
> > > On Tue, Apr 24, 2018 at 12:57 PM, Slim Bouguerra <bs...@apache.org>
> > wrote:
> > >
> > >>
> > >> I Think the first step to use RAT is to reformat all the Druid code
> > >> licenses.
> > >> Any idea if this can be done now or we need some legal work to be
> done?
> > >>
> > >> On 2018/04/20 17:52:46, Slim Bouguerra <sl...@gmail.com>
> > wrote:
> > >>> As Suggested above, RAT is used as a first filter that does most of
> the
> > >>> checking but it is not 100% enough.
> > >>> The mvn site plugin is used to collect list of dependencies but it is
> > not
> > >>> enough as well.
> > >>> They manually edit/create the Licenses/Notice files. It is done by
> > >>> hand/a_human to avoid any glitch that an automatic tool will
> introduce
> > >> and
> > >>> to insure that someone has looked at it.
> > >>> Seems like it is time consuming the first time but then it should be
> > >>> incremental thus not that hard.
> > >>>
> > >>>
> > >>>
> > >>> On Wed, Apr 18, 2018 at 8:45 AM, Julian Hyde <jhyde.apache@gmail.com
> >
> > >> wrote:
> > >>>
> > >>>> The main tool to use is Apache RAT. Definitely use that.
> > >>>>
> > >>>> One of the hardest tasks is getting the contents of LICENSE and
> NOTICE
> > >>>> right. That is a manual task I’m afraid.
> > >>>>
> > >>>> Julian
> > >>>>
> > >>>>> On Apr 18, 2018, at 08:34, Gian Merlino <gi...@gmail.com>
> > >> wrote:
> > >>>>>
> > >>>>> Hi Slim,
> > >>>>>
> > >>>>> Do you know if ORC & Hive use this tool as part of their release
> > >> process?
> > >>>>> And if it's considered a good tool by itself for verifying we meet
> > >> all of
> > >>>>> the Apache licensing requirements, or if we'll need something else
> > >> too?
> > >>>>>
> > >>>>>> On Tue, Apr 17, 2018 at 9:15 PM, Slim Bouguerra <bslim@apache.org
> >
> > >>>> wrote:
> > >>>>>>
> > >>>>>> One of the question last dev synch was about the generation of
> > >>>> dependency
> > >>>>>> licenses.
> > >>>>>> Some projects (ORC and Hive) use the maven site plugin that can
> > >>>> generates
> > >>>>>> reports with all the dependencies and licenses details.
> > >>>>>> I have run it on Druid and this is how it looks for Druid Api
> > >> Module.
> > >>>>>> cmd
> > >>>>>>
> > >>>>>> mvn project-info-reports:dependencies
> > >>>>>>
> > >>>>>> The site directory can be found under target/site
> > >>>>>> here is an example for one module
> > >>>>>> https://drive.google.com/file/d/1P8R0kZjp8zP4WSOVrKdlJF7Xr8-
> > >>>>>> OI7Oe/view?usp=sharing
> > >>>>>>
> > >>>>>> Also no fancy tools used to detect unwanted licenses, it is done
> > >> while
> > >>>>>> reviewing PR
> > >>>>>>
> > >>>>>>
> > >>>>>>
> > >>>>>> ------------------------------------------------------------
> > >> ---------
> > >>>>>> To unsubscribe, e-mail: dev-unsubscribe@druid.apache.org
> > >>>>>> For additional commands, e-mail: dev-help@druid.apache.org
> > >>>>>>
> > >>>>
> > >>>>
> ---------------------------------------------------------------------
> > >>>> To unsubscribe, e-mail: dev-unsubscribe@druid.apache.org
> > >>>> For additional commands, e-mail: dev-help@druid.apache.org
> > >>>>
> > >>>>
> > >>>
> > >>>
> > >>> --
> > >>>
> > >>> B-Slim
> > >>> _______/\/\/\_______/\/\/\_______/\/\/\_______/\/\/\_______/
> > \/\/\_______
> > >>>
> > >>
> > >> ---------------------------------------------------------------------
> > >> To unsubscribe, e-mail: dev-unsubscribe@druid.apache.org
> > >> For additional commands, e-mail: dev-help@druid.apache.org
> > >>
> > >>
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: dev-unsubscribe@druid.apache.org
> > For additional commands, e-mail: dev-help@druid.apache.org
> >
> >
>
Re: Dependencies licenses Report
Posted by Gian Merlino <gi...@apache.org>.
> you are sure about this? thought the donation paper work is signed right?
Not yet as far as I know; last I heard was a week or so ago.
On Tue, Apr 24, 2018 at 1:41 PM, Slim Bouguerra <sl...@gmail.com>
wrote:
>
> > On Apr 24, 2018, at 1:18 PM, Gian Merlino <gi...@apache.org> wrote:
> >
> > Do you mean the license headers?
>
> Yes, did quick run and was complaining first about our headers and also
> some of the other files without any headers.
>
> > Those, I think, we shouldn't change until
> > the code is imported into Apache.
>
> you are sure about this? thought the donation paper work is signed right?
>
> >
> > If it's possible to use Rat to audit dependency licenses without looking
> at
> > the license headers of our own files, that would still be useful at this
> > point.
>
> Not sure but will look.
>
> >
> > On Tue, Apr 24, 2018 at 12:57 PM, Slim Bouguerra <bs...@apache.org>
> wrote:
> >
> >>
> >> I Think the first step to use RAT is to reformat all the Druid code
> >> licenses.
> >> Any idea if this can be done now or we need some legal work to be done?
> >>
> >> On 2018/04/20 17:52:46, Slim Bouguerra <sl...@gmail.com>
> wrote:
> >>> As Suggested above, RAT is used as a first filter that does most of the
> >>> checking but it is not 100% enough.
> >>> The mvn site plugin is used to collect list of dependencies but it is
> not
> >>> enough as well.
> >>> They manually edit/create the Licenses/Notice files. It is done by
> >>> hand/a_human to avoid any glitch that an automatic tool will introduce
> >> and
> >>> to insure that someone has looked at it.
> >>> Seems like it is time consuming the first time but then it should be
> >>> incremental thus not that hard.
> >>>
> >>>
> >>>
> >>> On Wed, Apr 18, 2018 at 8:45 AM, Julian Hyde <jh...@gmail.com>
> >> wrote:
> >>>
> >>>> The main tool to use is Apache RAT. Definitely use that.
> >>>>
> >>>> One of the hardest tasks is getting the contents of LICENSE and NOTICE
> >>>> right. That is a manual task I’m afraid.
> >>>>
> >>>> Julian
> >>>>
> >>>>> On Apr 18, 2018, at 08:34, Gian Merlino <gi...@gmail.com>
> >> wrote:
> >>>>>
> >>>>> Hi Slim,
> >>>>>
> >>>>> Do you know if ORC & Hive use this tool as part of their release
> >> process?
> >>>>> And if it's considered a good tool by itself for verifying we meet
> >> all of
> >>>>> the Apache licensing requirements, or if we'll need something else
> >> too?
> >>>>>
> >>>>>> On Tue, Apr 17, 2018 at 9:15 PM, Slim Bouguerra <bs...@apache.org>
> >>>> wrote:
> >>>>>>
> >>>>>> One of the question last dev synch was about the generation of
> >>>> dependency
> >>>>>> licenses.
> >>>>>> Some projects (ORC and Hive) use the maven site plugin that can
> >>>> generates
> >>>>>> reports with all the dependencies and licenses details.
> >>>>>> I have run it on Druid and this is how it looks for Druid Api
> >> Module.
> >>>>>> cmd
> >>>>>>
> >>>>>> mvn project-info-reports:dependencies
> >>>>>>
> >>>>>> The site directory can be found under target/site
> >>>>>> here is an example for one module
> >>>>>> https://drive.google.com/file/d/1P8R0kZjp8zP4WSOVrKdlJF7Xr8-
> >>>>>> OI7Oe/view?usp=sharing
> >>>>>>
> >>>>>> Also no fancy tools used to detect unwanted licenses, it is done
> >> while
> >>>>>> reviewing PR
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>> ------------------------------------------------------------
> >> ---------
> >>>>>> To unsubscribe, e-mail: dev-unsubscribe@druid.apache.org
> >>>>>> For additional commands, e-mail: dev-help@druid.apache.org
> >>>>>>
> >>>>
> >>>> ---------------------------------------------------------------------
> >>>> To unsubscribe, e-mail: dev-unsubscribe@druid.apache.org
> >>>> For additional commands, e-mail: dev-help@druid.apache.org
> >>>>
> >>>>
> >>>
> >>>
> >>> --
> >>>
> >>> B-Slim
> >>> _______/\/\/\_______/\/\/\_______/\/\/\_______/\/\/\_______/
> \/\/\_______
> >>>
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: dev-unsubscribe@druid.apache.org
> >> For additional commands, e-mail: dev-help@druid.apache.org
> >>
> >>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@druid.apache.org
> For additional commands, e-mail: dev-help@druid.apache.org
>
>
Re: Dependencies licenses Report
Posted by Slim Bouguerra <sl...@gmail.com>.
> On Apr 24, 2018, at 1:18 PM, Gian Merlino <gi...@apache.org> wrote:
>
> Do you mean the license headers?
Yes, did quick run and was complaining first about our headers and also some of the other files without any headers.
> Those, I think, we shouldn't change until
> the code is imported into Apache.
you are sure about this? thought the donation paper work is signed right?
>
> If it's possible to use Rat to audit dependency licenses without looking at
> the license headers of our own files, that would still be useful at this
> point.
Not sure but will look.
>
> On Tue, Apr 24, 2018 at 12:57 PM, Slim Bouguerra <bs...@apache.org> wrote:
>
>>
>> I Think the first step to use RAT is to reformat all the Druid code
>> licenses.
>> Any idea if this can be done now or we need some legal work to be done?
>>
>> On 2018/04/20 17:52:46, Slim Bouguerra <sl...@gmail.com> wrote:
>>> As Suggested above, RAT is used as a first filter that does most of the
>>> checking but it is not 100% enough.
>>> The mvn site plugin is used to collect list of dependencies but it is not
>>> enough as well.
>>> They manually edit/create the Licenses/Notice files. It is done by
>>> hand/a_human to avoid any glitch that an automatic tool will introduce
>> and
>>> to insure that someone has looked at it.
>>> Seems like it is time consuming the first time but then it should be
>>> incremental thus not that hard.
>>>
>>>
>>>
>>> On Wed, Apr 18, 2018 at 8:45 AM, Julian Hyde <jh...@gmail.com>
>> wrote:
>>>
>>>> The main tool to use is Apache RAT. Definitely use that.
>>>>
>>>> One of the hardest tasks is getting the contents of LICENSE and NOTICE
>>>> right. That is a manual task I’m afraid.
>>>>
>>>> Julian
>>>>
>>>>> On Apr 18, 2018, at 08:34, Gian Merlino <gi...@gmail.com>
>> wrote:
>>>>>
>>>>> Hi Slim,
>>>>>
>>>>> Do you know if ORC & Hive use this tool as part of their release
>> process?
>>>>> And if it's considered a good tool by itself for verifying we meet
>> all of
>>>>> the Apache licensing requirements, or if we'll need something else
>> too?
>>>>>
>>>>>> On Tue, Apr 17, 2018 at 9:15 PM, Slim Bouguerra <bs...@apache.org>
>>>> wrote:
>>>>>>
>>>>>> One of the question last dev synch was about the generation of
>>>> dependency
>>>>>> licenses.
>>>>>> Some projects (ORC and Hive) use the maven site plugin that can
>>>> generates
>>>>>> reports with all the dependencies and licenses details.
>>>>>> I have run it on Druid and this is how it looks for Druid Api
>> Module.
>>>>>> cmd
>>>>>>
>>>>>> mvn project-info-reports:dependencies
>>>>>>
>>>>>> The site directory can be found under target/site
>>>>>> here is an example for one module
>>>>>> https://drive.google.com/file/d/1P8R0kZjp8zP4WSOVrKdlJF7Xr8-
>>>>>> OI7Oe/view?usp=sharing
>>>>>>
>>>>>> Also no fancy tools used to detect unwanted licenses, it is done
>> while
>>>>>> reviewing PR
>>>>>>
>>>>>>
>>>>>>
>>>>>> ------------------------------------------------------------
>> ---------
>>>>>> To unsubscribe, e-mail: dev-unsubscribe@druid.apache.org
>>>>>> For additional commands, e-mail: dev-help@druid.apache.org
>>>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: dev-unsubscribe@druid.apache.org
>>>> For additional commands, e-mail: dev-help@druid.apache.org
>>>>
>>>>
>>>
>>>
>>> --
>>>
>>> B-Slim
>>> _______/\/\/\_______/\/\/\_______/\/\/\_______/\/\/\_______/\/\/\_______
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe@druid.apache.org
>> For additional commands, e-mail: dev-help@druid.apache.org
>>
>>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@druid.apache.org
For additional commands, e-mail: dev-help@druid.apache.org
Re: Dependencies licenses Report
Posted by Gian Merlino <gi...@apache.org>.
Do you mean the license headers? Those, I think, we shouldn't change until
the code is imported into Apache.
If it's possible to use Rat to audit dependency licenses without looking at
the license headers of our own files, that would still be useful at this
point.
On Tue, Apr 24, 2018 at 12:57 PM, Slim Bouguerra <bs...@apache.org> wrote:
>
> I Think the first step to use RAT is to reformat all the Druid code
> licenses.
> Any idea if this can be done now or we need some legal work to be done?
>
> On 2018/04/20 17:52:46, Slim Bouguerra <sl...@gmail.com> wrote:
> > As Suggested above, RAT is used as a first filter that does most of the
> > checking but it is not 100% enough.
> > The mvn site plugin is used to collect list of dependencies but it is not
> > enough as well.
> > They manually edit/create the Licenses/Notice files. It is done by
> > hand/a_human to avoid any glitch that an automatic tool will introduce
> and
> > to insure that someone has looked at it.
> > Seems like it is time consuming the first time but then it should be
> > incremental thus not that hard.
> >
> >
> >
> > On Wed, Apr 18, 2018 at 8:45 AM, Julian Hyde <jh...@gmail.com>
> wrote:
> >
> > > The main tool to use is Apache RAT. Definitely use that.
> > >
> > > One of the hardest tasks is getting the contents of LICENSE and NOTICE
> > > right. That is a manual task I’m afraid.
> > >
> > > Julian
> > >
> > > > On Apr 18, 2018, at 08:34, Gian Merlino <gi...@gmail.com>
> wrote:
> > > >
> > > > Hi Slim,
> > > >
> > > > Do you know if ORC & Hive use this tool as part of their release
> process?
> > > > And if it's considered a good tool by itself for verifying we meet
> all of
> > > > the Apache licensing requirements, or if we'll need something else
> too?
> > > >
> > > >> On Tue, Apr 17, 2018 at 9:15 PM, Slim Bouguerra <bs...@apache.org>
> > > wrote:
> > > >>
> > > >> One of the question last dev synch was about the generation of
> > > dependency
> > > >> licenses.
> > > >> Some projects (ORC and Hive) use the maven site plugin that can
> > > generates
> > > >> reports with all the dependencies and licenses details.
> > > >> I have run it on Druid and this is how it looks for Druid Api
> Module.
> > > >> cmd
> > > >>
> > > >> mvn project-info-reports:dependencies
> > > >>
> > > >> The site directory can be found under target/site
> > > >> here is an example for one module
> > > >> https://drive.google.com/file/d/1P8R0kZjp8zP4WSOVrKdlJF7Xr8-
> > > >> OI7Oe/view?usp=sharing
> > > >>
> > > >> Also no fancy tools used to detect unwanted licenses, it is done
> while
> > > >> reviewing PR
> > > >>
> > > >>
> > > >>
> > > >> ------------------------------------------------------------
> ---------
> > > >> To unsubscribe, e-mail: dev-unsubscribe@druid.apache.org
> > > >> For additional commands, e-mail: dev-help@druid.apache.org
> > > >>
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: dev-unsubscribe@druid.apache.org
> > > For additional commands, e-mail: dev-help@druid.apache.org
> > >
> > >
> >
> >
> > --
> >
> > B-Slim
> > _______/\/\/\_______/\/\/\_______/\/\/\_______/\/\/\_______/\/\/\_______
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@druid.apache.org
> For additional commands, e-mail: dev-help@druid.apache.org
>
>
Re: Dependencies licenses Report
Posted by Slim Bouguerra <bs...@apache.org>.
I Think the first step to use RAT is to reformat all the Druid code licenses.
Any idea if this can be done now or we need some legal work to be done?
On 2018/04/20 17:52:46, Slim Bouguerra <sl...@gmail.com> wrote:
> As Suggested above, RAT is used as a first filter that does most of the
> checking but it is not 100% enough.
> The mvn site plugin is used to collect list of dependencies but it is not
> enough as well.
> They manually edit/create the Licenses/Notice files. It is done by
> hand/a_human to avoid any glitch that an automatic tool will introduce and
> to insure that someone has looked at it.
> Seems like it is time consuming the first time but then it should be
> incremental thus not that hard.
>
>
>
> On Wed, Apr 18, 2018 at 8:45 AM, Julian Hyde <jh...@gmail.com> wrote:
>
> > The main tool to use is Apache RAT. Definitely use that.
> >
> > One of the hardest tasks is getting the contents of LICENSE and NOTICE
> > right. That is a manual task I’m afraid.
> >
> > Julian
> >
> > > On Apr 18, 2018, at 08:34, Gian Merlino <gi...@gmail.com> wrote:
> > >
> > > Hi Slim,
> > >
> > > Do you know if ORC & Hive use this tool as part of their release process?
> > > And if it's considered a good tool by itself for verifying we meet all of
> > > the Apache licensing requirements, or if we'll need something else too?
> > >
> > >> On Tue, Apr 17, 2018 at 9:15 PM, Slim Bouguerra <bs...@apache.org>
> > wrote:
> > >>
> > >> One of the question last dev synch was about the generation of
> > dependency
> > >> licenses.
> > >> Some projects (ORC and Hive) use the maven site plugin that can
> > generates
> > >> reports with all the dependencies and licenses details.
> > >> I have run it on Druid and this is how it looks for Druid Api Module.
> > >> cmd
> > >>
> > >> mvn project-info-reports:dependencies
> > >>
> > >> The site directory can be found under target/site
> > >> here is an example for one module
> > >> https://drive.google.com/file/d/1P8R0kZjp8zP4WSOVrKdlJF7Xr8-
> > >> OI7Oe/view?usp=sharing
> > >>
> > >> Also no fancy tools used to detect unwanted licenses, it is done while
> > >> reviewing PR
> > >>
> > >>
> > >>
> > >> ---------------------------------------------------------------------
> > >> To unsubscribe, e-mail: dev-unsubscribe@druid.apache.org
> > >> For additional commands, e-mail: dev-help@druid.apache.org
> > >>
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: dev-unsubscribe@druid.apache.org
> > For additional commands, e-mail: dev-help@druid.apache.org
> >
> >
>
>
> --
>
> B-Slim
> _______/\/\/\_______/\/\/\_______/\/\/\_______/\/\/\_______/\/\/\_______
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@druid.apache.org
For additional commands, e-mail: dev-help@druid.apache.org
Re: Dependencies licenses Report
Posted by Jihoon Son <ji...@apache.org>.
I can do this. I'll make an issue for this in Github and raise a PR.
Jihoon
2018년 4월 20일 (금) 오후 12:30, Gian Merlino <gi...@gmail.com>님이 작성:
> Does anyone have experience with RAT (https://creadur.apache.org/rat/) and
> a willingness to do a PR to set it up for us? I think we can do this even
> before migrating sources to Apache.
>
> On Fri, Apr 20, 2018 at 10:52 AM, Slim Bouguerra <slim.bouguerra@gmail.com
> >
> wrote:
>
> > As Suggested above, RAT is used as a first filter that does most of the
> > checking but it is not 100% enough.
> > The mvn site plugin is used to collect list of dependencies but it is not
> > enough as well.
> > They manually edit/create the Licenses/Notice files. It is done by
> > hand/a_human to avoid any glitch that an automatic tool will introduce
> and
> > to insure that someone has looked at it.
> > Seems like it is time consuming the first time but then it should be
> > incremental thus not that hard.
> >
> >
> >
> > On Wed, Apr 18, 2018 at 8:45 AM, Julian Hyde <jh...@gmail.com>
> > wrote:
> >
> > > The main tool to use is Apache RAT. Definitely use that.
> > >
> > > One of the hardest tasks is getting the contents of LICENSE and NOTICE
> > > right. That is a manual task I’m afraid.
> > >
> > > Julian
> > >
> > > > On Apr 18, 2018, at 08:34, Gian Merlino <gi...@gmail.com>
> wrote:
> > > >
> > > > Hi Slim,
> > > >
> > > > Do you know if ORC & Hive use this tool as part of their release
> > process?
> > > > And if it's considered a good tool by itself for verifying we meet
> all
> > of
> > > > the Apache licensing requirements, or if we'll need something else
> too?
> > > >
> > > >> On Tue, Apr 17, 2018 at 9:15 PM, Slim Bouguerra <bs...@apache.org>
> > > wrote:
> > > >>
> > > >> One of the question last dev synch was about the generation of
> > > dependency
> > > >> licenses.
> > > >> Some projects (ORC and Hive) use the maven site plugin that can
> > > generates
> > > >> reports with all the dependencies and licenses details.
> > > >> I have run it on Druid and this is how it looks for Druid Api
> Module.
> > > >> cmd
> > > >>
> > > >> mvn project-info-reports:dependencies
> > > >>
> > > >> The site directory can be found under target/site
> > > >> here is an example for one module
> > > >> https://drive.google.com/file/d/1P8R0kZjp8zP4WSOVrKdlJF7Xr8-
> > > >> OI7Oe/view?usp=sharing
> > > >>
> > > >> Also no fancy tools used to detect unwanted licenses, it is done
> while
> > > >> reviewing PR
> > > >>
> > > >>
> > > >>
> > > >>
> ---------------------------------------------------------------------
> > > >> To unsubscribe, e-mail: dev-unsubscribe@druid.apache.org
> > > >> For additional commands, e-mail: dev-help@druid.apache.org
> > > >>
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: dev-unsubscribe@druid.apache.org
> > > For additional commands, e-mail: dev-help@druid.apache.org
> > >
> > >
> >
> >
> > --
> >
> > B-Slim
> > _______/\/\/\_______/\/\/\_______/\/\/\_______/\/\/\_______/\/\/\_______
> >
>
Re: Dependencies licenses Report
Posted by Gian Merlino <gi...@gmail.com>.
Does anyone have experience with RAT (https://creadur.apache.org/rat/) and
a willingness to do a PR to set it up for us? I think we can do this even
before migrating sources to Apache.
On Fri, Apr 20, 2018 at 10:52 AM, Slim Bouguerra <sl...@gmail.com>
wrote:
> As Suggested above, RAT is used as a first filter that does most of the
> checking but it is not 100% enough.
> The mvn site plugin is used to collect list of dependencies but it is not
> enough as well.
> They manually edit/create the Licenses/Notice files. It is done by
> hand/a_human to avoid any glitch that an automatic tool will introduce and
> to insure that someone has looked at it.
> Seems like it is time consuming the first time but then it should be
> incremental thus not that hard.
>
>
>
> On Wed, Apr 18, 2018 at 8:45 AM, Julian Hyde <jh...@gmail.com>
> wrote:
>
> > The main tool to use is Apache RAT. Definitely use that.
> >
> > One of the hardest tasks is getting the contents of LICENSE and NOTICE
> > right. That is a manual task I’m afraid.
> >
> > Julian
> >
> > > On Apr 18, 2018, at 08:34, Gian Merlino <gi...@gmail.com> wrote:
> > >
> > > Hi Slim,
> > >
> > > Do you know if ORC & Hive use this tool as part of their release
> process?
> > > And if it's considered a good tool by itself for verifying we meet all
> of
> > > the Apache licensing requirements, or if we'll need something else too?
> > >
> > >> On Tue, Apr 17, 2018 at 9:15 PM, Slim Bouguerra <bs...@apache.org>
> > wrote:
> > >>
> > >> One of the question last dev synch was about the generation of
> > dependency
> > >> licenses.
> > >> Some projects (ORC and Hive) use the maven site plugin that can
> > generates
> > >> reports with all the dependencies and licenses details.
> > >> I have run it on Druid and this is how it looks for Druid Api Module.
> > >> cmd
> > >>
> > >> mvn project-info-reports:dependencies
> > >>
> > >> The site directory can be found under target/site
> > >> here is an example for one module
> > >> https://drive.google.com/file/d/1P8R0kZjp8zP4WSOVrKdlJF7Xr8-
> > >> OI7Oe/view?usp=sharing
> > >>
> > >> Also no fancy tools used to detect unwanted licenses, it is done while
> > >> reviewing PR
> > >>
> > >>
> > >>
> > >> ---------------------------------------------------------------------
> > >> To unsubscribe, e-mail: dev-unsubscribe@druid.apache.org
> > >> For additional commands, e-mail: dev-help@druid.apache.org
> > >>
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: dev-unsubscribe@druid.apache.org
> > For additional commands, e-mail: dev-help@druid.apache.org
> >
> >
>
>
> --
>
> B-Slim
> _______/\/\/\_______/\/\/\_______/\/\/\_______/\/\/\_______/\/\/\_______
>
Re: Dependencies licenses Report
Posted by Slim Bouguerra <sl...@gmail.com>.
As Suggested above, RAT is used as a first filter that does most of the
checking but it is not 100% enough.
The mvn site plugin is used to collect list of dependencies but it is not
enough as well.
They manually edit/create the Licenses/Notice files. It is done by
hand/a_human to avoid any glitch that an automatic tool will introduce and
to insure that someone has looked at it.
Seems like it is time consuming the first time but then it should be
incremental thus not that hard.
On Wed, Apr 18, 2018 at 8:45 AM, Julian Hyde <jh...@gmail.com> wrote:
> The main tool to use is Apache RAT. Definitely use that.
>
> One of the hardest tasks is getting the contents of LICENSE and NOTICE
> right. That is a manual task I’m afraid.
>
> Julian
>
> > On Apr 18, 2018, at 08:34, Gian Merlino <gi...@gmail.com> wrote:
> >
> > Hi Slim,
> >
> > Do you know if ORC & Hive use this tool as part of their release process?
> > And if it's considered a good tool by itself for verifying we meet all of
> > the Apache licensing requirements, or if we'll need something else too?
> >
> >> On Tue, Apr 17, 2018 at 9:15 PM, Slim Bouguerra <bs...@apache.org>
> wrote:
> >>
> >> One of the question last dev synch was about the generation of
> dependency
> >> licenses.
> >> Some projects (ORC and Hive) use the maven site plugin that can
> generates
> >> reports with all the dependencies and licenses details.
> >> I have run it on Druid and this is how it looks for Druid Api Module.
> >> cmd
> >>
> >> mvn project-info-reports:dependencies
> >>
> >> The site directory can be found under target/site
> >> here is an example for one module
> >> https://drive.google.com/file/d/1P8R0kZjp8zP4WSOVrKdlJF7Xr8-
> >> OI7Oe/view?usp=sharing
> >>
> >> Also no fancy tools used to detect unwanted licenses, it is done while
> >> reviewing PR
> >>
> >>
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: dev-unsubscribe@druid.apache.org
> >> For additional commands, e-mail: dev-help@druid.apache.org
> >>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@druid.apache.org
> For additional commands, e-mail: dev-help@druid.apache.org
>
>
--
B-Slim
_______/\/\/\_______/\/\/\_______/\/\/\_______/\/\/\_______/\/\/\_______
Re: Dependencies licenses Report
Posted by Julian Hyde <jh...@gmail.com>.
The main tool to use is Apache RAT. Definitely use that.
One of the hardest tasks is getting the contents of LICENSE and NOTICE right. That is a manual task I’m afraid.
Julian
> On Apr 18, 2018, at 08:34, Gian Merlino <gi...@gmail.com> wrote:
>
> Hi Slim,
>
> Do you know if ORC & Hive use this tool as part of their release process?
> And if it's considered a good tool by itself for verifying we meet all of
> the Apache licensing requirements, or if we'll need something else too?
>
>> On Tue, Apr 17, 2018 at 9:15 PM, Slim Bouguerra <bs...@apache.org> wrote:
>>
>> One of the question last dev synch was about the generation of dependency
>> licenses.
>> Some projects (ORC and Hive) use the maven site plugin that can generates
>> reports with all the dependencies and licenses details.
>> I have run it on Druid and this is how it looks for Druid Api Module.
>> cmd
>>
>> mvn project-info-reports:dependencies
>>
>> The site directory can be found under target/site
>> here is an example for one module
>> https://drive.google.com/file/d/1P8R0kZjp8zP4WSOVrKdlJF7Xr8-
>> OI7Oe/view?usp=sharing
>>
>> Also no fancy tools used to detect unwanted licenses, it is done while
>> reviewing PR
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe@druid.apache.org
>> For additional commands, e-mail: dev-help@druid.apache.org
>>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@druid.apache.org
For additional commands, e-mail: dev-help@druid.apache.org
Re: Dependencies licenses Report
Posted by Gian Merlino <gi...@gmail.com>.
Hi Slim,
Do you know if ORC & Hive use this tool as part of their release process?
And if it's considered a good tool by itself for verifying we meet all of
the Apache licensing requirements, or if we'll need something else too?
On Tue, Apr 17, 2018 at 9:15 PM, Slim Bouguerra <bs...@apache.org> wrote:
> One of the question last dev synch was about the generation of dependency
> licenses.
> Some projects (ORC and Hive) use the maven site plugin that can generates
> reports with all the dependencies and licenses details.
> I have run it on Druid and this is how it looks for Druid Api Module.
> cmd
>
> mvn project-info-reports:dependencies
>
> The site directory can be found under target/site
> here is an example for one module
> https://drive.google.com/file/d/1P8R0kZjp8zP4WSOVrKdlJF7Xr8-
> OI7Oe/view?usp=sharing
>
> Also no fancy tools used to detect unwanted licenses, it is done while
> reviewing PR
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@druid.apache.org
> For additional commands, e-mail: dev-help@druid.apache.org
>