Posted to dev@iotdb.apache.org by Xiangdong Huang <sa...@gmail.com> on 2020/07/28 09:00:17 UTC

share a command to check the license compatibility problem

Hi all,

I share two commands for checking whether our dependencies are compatible
with the Apache License:

1. generate the license check file:

mvn package license:add-third-party -Dlicense.useMissingFile -DskipTests

2. cat the files, find all Category X licenses, and then remove all that have
an optional compatible license:

find . -name THIRD-PARTY.txt | xargs cat \
  | grep -E 'BCL|Intel|JSR-275|Microsoft Limited Public License|ASL|Java SDK for Satori RTM|Redis Source Available License|RSAL|Booz Allen Public License|Creative Commons|Sun Community|GPL|Affero|LGPL|QPL|Sleepycat|Server Side|SSPL|Code Project|CPOL|BSD-4|Facebook BSD+|Solipsistic Eclipse Public|Be A Dick|JSON License' \
  | grep -v CDDL | grep -v Apache

When you introduce a new dependency into IoTDB, please pay attention to
the license.

For Release Managers, please run the above command before you run
`mvn release:....`

Best,
-----------------------------------
Xiangdong Huang
School of Software, Tsinghua University

 黄向东
清华大学 软件学院

Re: share a command to check the license compatibility problem

Posted by Xiangdong Huang <sa...@gmail.com>.
Hi Justin,

Thanks for your suggestion.

This command is inspired by Houliang and Apache Dubbo's experience.

I think at least now it covers all Category X licenses (I put in all licenses
that appear in [1]), but of course the command cannot keep up to date with the
webpage automatically.

>  but it doesn’t replace manual inspection.

And yes, I think that's one of the reasons why we need people in the
community to check and vote for each release.

[1] https://www.apache.org/legal/resolved.html#category-x

Best,
-----------------------------------
Xiangdong Huang
School of Software, Tsinghua University

 黄向东
清华大学 软件学院


On Tue, Jul 28, 2020 at 5:56 PM, Justin Mclean <ju...@classsoftware.com> wrote:

> Hi,
>
> That's a good idea and thanks for sharing how you found it.
>
> Just a word of caution: something like this is not going to pick up all
> Category X licenses and may be confused by things that are dual licensed.
> Automation and checks like this can be very helpful (I use a lot of similar
> ones when checking release) but it doesn’t replace manual inspection. In
> some cases I've seen projects rely on things like this and have become
> complacent.
>
> Thanks,
> Justin

Re: share a command to check the license compatibility problem

Posted by Justin Mclean <ju...@classsoftware.com>.
Hi,

That's a good idea and thanks for sharing how you found it. 

Just a word of caution: something like this is not going to pick up all Category X licenses and may be confused by things that are dual licensed. Automation and checks like this can be very helpful (I use a lot of similar ones when checking release) but it doesn’t replace manual inspection. In some cases I've seen projects rely on things like this and have become complacent.

Thanks,
Justin
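
An added example, not part of the thread or of IoTDB's build: a variant of the check that matches the Category X alternation only against the license fields of each THIRD-PARTY.txt entry and reports dual-licensed entries as REVIEW instead of filtering them out. It assumes the layout "(License) [(License) ...] Name (group:artifact:version - url)"; the function names and the sample entries are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread). Alternation copied from the command above.
CATX='BCL|Intel|JSR-275|Microsoft Limited Public License|ASL|Java SDK for Satori RTM|Redis Source Available License|RSAL|Booz Allen Public License|Creative Commons|Sun Community|GPL|Affero|LGPL|QPL|Sleepycat|Server Side|SSPL|Code Project|CPOL|BSD-4|Facebook BSD+|Solipsistic Eclipse Public|Be A Dick|JSON License'
ALT='CDDL|Apache'  # alternatives the original pipeline drops with grep -v

# Reads THIRD-PARTY.txt text on stdin, prints "BLOCK<TAB>entry" or "REVIEW<TAB>entry".
classify_third_party() {
  awk -v catx="$CATX" -v alt="$ALT" '
  {
    rest = $0; sub(/^[ \t]+/, "", rest); entry = rest
    lics = ""; total = 0
    # Consume the leading "(...)" groups: these are the license names.
    # Parentheses are balanced by hand so "(Eclipse Public License (EPL) 1.0)" stays one group.
    while (substr(rest, 1, 1) == "(") {
      depth = 0
      for (i = 1; i <= length(rest); i++) {
        c = substr(rest, i, 1)
        if (c == "(") depth++
        else if (c == ")") { depth--; if (depth == 0) break }
      }
      lics = lics " " substr(rest, 1, i); total++
      rest = substr(rest, i + 1); sub(/^[ \t]+/, "", rest)
    }
    # Artifact name and coordinates (now in rest) are deliberately not matched.
    if (total == 0 || lics !~ catx) next
    # Several licenses, or a compatible alternative named: a person has to decide.
    status = (total > 1 || lics ~ alt) ? "REVIEW" : "BLOCK"
    print status "\t" entry
  }'
}

# Constructed sample input in the assumed THIRD-PARTY.txt layout.
sample_third_party() {
  cat <<'EOF'
Lists of 5 third-party dependencies.
     (MIT License) IntelliJ-style Annotations (org.example:annotations:1.0 - https://example.org/annotations)
     (GPLv3) Apache-Helper Plugin (org.example:helper:2.1 - https://example.org/helper)
     (CDDL + GPLv2 with classpath exception) Example Annotation API (org.example:annotation-api:1.3 - https://example.org/api)
     (Apache License 2.0) (LGPL 2.1) (MPL 1.1) Example Bytecode Lib (org.example:bytecode:3.2 - https://example.org/bytecode)
     (Eclipse Public License (EPL) 1.0) (LGPL 2.1) Example Logging (org.example:logging:1.2 - https://example.org/logging)
EOF
}

sample_third_party | classify_third_party
```

On the sample, the GPLv3 entry whose artifact name contains "Apache" is reported as BLOCK, and the MIT entry whose name contains "Intel" is not reported. License names that spell out a Category X license without any of the listed tokens are still missed, so the output narrows manual inspection without replacing it.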