You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@iotdb.apache.org by Xiangdong Huang <sa...@gmail.com> on 2020/07/28 09:00:17 UTC
share a command to check the license compatibility problem
Hi all,
I share two commands for checking whether our dependencies being compatible
with Apache License:
1. generate the license check file:
mvn package license:add-third-party -Dlicense.useMissingFile -DskipTests
2. cat the files, find all catalogX licenses, and then remove all who has
optional compatible license:
find . -name THIRD-PARTY.txt| xargs cat | grep -E
'BCL|Intel|JSR-275|Microsoft Limited Public License|ASL|Java SDK for Satori
RTM| Redis Source Available License|RSAL|Booz Allen Public License|Creative
Commons|Sun Community|GPL|Affero|LGPL|QPL|Sleepycat|Server Side|SSPL|Code
Project|CPOL|BSD-4|Facebook BSD+|Solipsistic Eclipse Public|Be A Dick|JSON
License' | grep -v CDDL |grep -v Apache
When you introduce a new dependency into IoTDB, please pay attention about
the license.
For Release Manager, please run the above command before you run `mvn
release:....`
Best,
-----------------------------------
Xiangdong Huang
School of Software, Tsinghua University
黄向东
清华大学 软件学院
Re: share a command to check the license compatibility problem
Posted by Xiangdong Huang <sa...@gmail.com>.
Hi Justin,
Thanks for your suggestion.
This command is inspired by Houliang and Apache Dubbo's experience.
I think at least now it covers all catalogX licenses (I put all licenses
that appear in [1]), but of course the command can not keep update with the
webpage automatically.
> but it doesn’t replace manual inspection.
And yes, I think that's one of the reasons that why we need people in the
community to check and vote for each release.
[1] https://www.apache.org/legal/resolved.html#category-x
Best,
-----------------------------------
Xiangdong Huang
School of Software, Tsinghua University
黄向东
清华大学 软件学院
Justin Mclean <ju...@classsoftware.com> 于2020年7月28日周二 下午5:56写道:
> Hi,
>
> That's a good idea and thanks for sharing how you found it.
>
> Just a word of caution something like this is not going to pick up all
> Category X licenses and may be confused by things that are dual licensed.
> Automation and checks like this can be very helpful (I use a lot of similar
> ones when checking release) but it doesn’t replace manual inspection. In
> some cases I've seen projects rely on things like this and have become
> complacent.
>
> Thanks,
> Justin
Re: share a command to check the license compatibility problem
Posted by Justin Mclean <ju...@classsoftware.com>.
Hi,
That's a good idea and thanks for sharing how you found it.
Just a word of caution something like this is not going to pick up all Category X licenses and may be confused by things that are dual licensed. Automation and checks like this can be very helpful (I use a lot of similar ones when checking release) but it doesn’t replace manual inspection. In some cases I've seen projects rely on things like this and have become complacent.
Thanks,
Justin