You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@netbeans.apache.org by Jaroslav Tulach <ja...@gmail.com> on 2017/10/11 12:46:07 UTC
Dependencies (#3) was: [VOTE] Build #17 as HTML/Java API release 1.5
Thanks Bertrand for taking a look. Here is what I found about dependencies:
2017-10-11 11:47 GMT+02:00 Bertrand Delacretaz <bd...@apache.org>:
>
> 3) Having a DEPENDENCIES file would make it much easier to validate
> third-party dependencies, see this recent thread:
>
> https://lists.apache.org/thread.html/b82a116ec77639c49528d654a488ff
> 354ca8edfb8f4f380865762275@%3Cdev.netbeans.apache.org%3E
>
> Right now, " mvn dependency:tree" lists some unfamiliar dependencies,
> having their license in DEPENDENCIES would help validate them.
>
>
I've added the plugin as:
incubator-netbeans-html4j$ git diff
diff --git a/pom.xml b/pom.xml
index 72799a5..e19f727 100644
--- a/pom.xml
+++ b/pom.xml
@@ -201,6 +201,29 @@
org.netbeans.html.boot.impl:org.netbeans.html.boot.fx:org.netbeans.html.context.
<useMavenDefaultExcludes>false</useMavenDefaultExcludes>
</configuration>
</plugin>
+
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-remote-resources-plugin</artifactId>
+ <version>1.4</version>
+ <executions>
+ <execution>
+ <goals>
+ <goal>process</goal>
+ </goals>
+ <phase>validate</phase>
+ <configuration>
+ <resourceBundles>
+ <!-- Will generate META-INF/DEPENDENCIES
+ META-INF/LICENSE META-INF/NOTICE -->
+
<resourceBundle>org.apache:apache-jar-resource-bundle:1.4</resourceBundle>
+ <!-- Will generate META-INF/DISCLAIMER -->
+
<resourceBundle>org.apache:apache-incubator-disclaimer-resource-bundle:1.1</resourceBundle>
+ </resourceBundles>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
</plugins>
<pluginManagement>
<plugins>
and based on that a lot of files were generated in indivudual project
target directories:
incubator-netbeans-html4j$ find | grep DEPEND
./equinox-agentclass-hook/target/maven-shared-archive-resources/META-INF/DEPENDENCIES
./equinox-agentclass-hook/target/classes/META-INF/DEPENDENCIES
./equinox-agentclass-hook/target/test-classes/META-INF/DEPENDENCIES
./sound/target/maven-shared-archive-resources/META-INF/DEPENDENCIES
./sound/target/classes/META-INF/DEPENDENCIES
./sound/target/test-classes/META-INF/DEPENDENCIES
./boot-agent-test/target/maven-shared-archive-resources/META-INF/DEPENDENCIES
./boot-agent-test/target/classes/META-INF/DEPENDENCIES
./boot-agent-test/target/test-classes/META-INF/DEPENDENCIES
./geo/target/maven-shared-archive-resources/META-INF/DEPENDENCIES
./geo/target/classes/META-INF/DEPENDENCIES
./geo/target/test-classes/META-INF/DEPENDENCIES
./ko-felix-test/target/maven-shared-archive-resources/META-INF/DEPENDENCIES
./ko-felix-test/target/classes/META-INF/DEPENDENCIES
./ko-felix-test/target/test-classes/META-INF/DEPENDENCIES
./json-tck/target/maven-shared-archive-resources/META-INF/DEPENDENCIES
./json-tck/target/classes/META-INF/DEPENDENCIES
./json-tck/target/test-classes/META-INF/DEPENDENCIES
./ko-ws-tyrus/target/maven-shared-archive-resources/META-INF/DEPENDENCIES
./ko-ws-tyrus/target/classes/META-INF/DEPENDENCIES
./ko-ws-tyrus/target/test-classes/META-INF/DEPENDENCIES
./boot-script/target/maven-shared-archive-resources/META-INF/DEPENDENCIES
./boot-script/target/classes/META-INF/DEPENDENCIES
./boot-script/target/test-classes/META-INF/DEPENDENCIES
./xhr4j/target/maven-shared-archive-resources/META-INF/DEPENDENCIES
./xhr4j/target/classes/META-INF/DEPENDENCIES
./xhr4j/target/test-classes/META-INF/DEPENDENCIES
./html4j-maven-plugin/target/maven-shared-archive-resources/META-INF/DEPENDENCIES
./html4j-maven-plugin/target/classes/META-INF/DEPENDENCIES
./html4j-maven-plugin/target/test-classes/META-INF/DEPENDENCIES
./boot/target/maven-shared-archive-resources/META-INF/DEPENDENCIES
./boot/target/classes/META-INF/DEPENDENCIES
./boot/target/test-classes/META-INF/DEPENDENCIES
./target/maven-shared-archive-resources/META-INF/DEPENDENCIES
./ko4j/target/maven-shared-archive-resources/META-INF/DEPENDENCIES
./ko4j/target/classes/META-INF/DEPENDENCIES
./ko4j/target/test-classes/META-INF/DEPENDENCIES
./json/target/maven-shared-archive-resources/META-INF/DEPENDENCIES
./json/target/classes/META-INF/DEPENDENCIES
./json/target/test-classes/META-INF/DEPENDENCIES
./ko-osgi-test/target/maven-shared-archive-resources/META-INF/DEPENDENCIES
./ko-osgi-test/target/classes/META-INF/DEPENDENCIES
./ko-osgi-test/target/test-classes/META-INF/DEPENDENCIES
./boot-fx/target/maven-shared-archive-resources/META-INF/DEPENDENCIES
./boot-fx/target/classes/META-INF/DEPENDENCIES
./boot-fx/target/test-classes/META-INF/DEPENDENCIES
./context/target/maven-shared-archive-resources/META-INF/DEPENDENCIES
./context/target/classes/META-INF/DEPENDENCIES
./context/target/test-classes/META-INF/DEPENDENCIES
I assume that is what you want. The content (after filtering Apache and
Eclipse licenses) is:
incubator-netbeans-html4j$ find | grep DEPEND | xargs cat | grep License: |
grep -v "Apache.*2" | grep -v "Eclipse Public License" | sort -u
License: BSD (http://asm.objectweb.org/license.html)
License: CDDL+GPL (http://glassfish.java.net/public/CDDL+GPL.html)
License: Dual license consisting of the CDDL v1.1 and GPL v2 (
http://glassfish.java.net/public/CDDL+GPL_1_1.html)
License: Dual license consisting of the CDDL v1.1 and GPL v2 (
https://glassfish.java.net/public/CDDL+GPL_1_1.html)
License: provided without support or warranty (
http://www.json.org/license.html)
I assume that BSD is fine. In case of dual licensed ones we will choose
CDDL which is fine as well, right? Is the [last license](
http://www.json.org/license.html) OK as well?
Am I interpreting the output of maven-remote-resources-plugin correctly, or
do you think I will have to change the dependencies somehow? Thanks.
-jt
Re: Dependencies (#3) was: [VOTE] Build #17 as HTML/Java API release 1.5
Posted by Bertrand Delacretaz <bd...@apache.org>.
Hi,
On Wed, Oct 11, 2017 at 2:46 PM, Jaroslav Tulach
<ja...@gmail.com> wrote:
> The content (after filtering Apache and
> Eclipse licenses) is...
That looks good to me, thanks! Snipped that content below, [2].
[1] is the reference for such third-party dependencies.
BSD is fine in all cases.
CDDL is fine for an external dependency.
> ...In case of dual licensed ones we will choose
> CDDL which is fine as well, right?...
Yes, my understanding is that when dual-licensed you pick the best one
for your purpose.
> License: provided without support or warranty (
> http://www.json.org/license.html)...
This one is a problem as per [1], see "JSON license" there. It will
need to be removed but as a podling I suppose it's fine to keep it for
a first release if that's too much work right now. I suggest that you
create a jira ticket for that removal, indicating where it's used, and
we can refer to that in the Incubator PMC release vote as an intention
to fix this.
> Am I interpreting the output of maven-remote-resources-plugin correctly...
I think so - as you see it gives a nice overview of those licenses.
-Bertrand
[1] http://apache.org/legal/resolved.html
[2]
incubator-netbeans-html4j$ find | grep DEPEND | xargs cat | grep License: |
grep -v "Apache.*2" | grep -v "Eclipse Public License" | sort -u
License: BSD (http://asm.objectweb.org/license.html)
License: CDDL+GPL (http://glassfish.java.net/public/CDDL+GPL.html)
License: Dual license consisting of the CDDL v1.1 and GPL v2 (
http://glassfish.java.net/public/CDDL+GPL_1_1.html)
License: Dual license consisting of the CDDL v1.1 and GPL v2 (
https://glassfish.java.net/public/CDDL+GPL_1_1.html)
License: provided without support or warranty (
http://www.json.org/license.html)