On Mon, Jan 23, 2012 at 12:12 PM, Reto Bachmann-Gmür <r...@apache.org> wrote: > On Mon, Jan 23, 2012 at 11:32 AM, ant elder <antel...@apache.org> wrote: >> ...As one example, the binary release clerezza-tdb-distribution.zip >> contains a big jar platform.launcher.tdb-0.5-incubating.jar which >> embeds other jars, for example it contains >> servlet-api-3.0.20100224.jar, which is EPL licensed so that needs to >> be mentioned in clerezza-tdb-distribution.zip. >> > Is there a way to systematically find out the license of such transitive > maven dependencies? The jar you mention contains no license or notice file, > it contains a maven pom file without licensing information...
I'm afraid the only way to find out about such a license is to hunt that project's website. The techniques mentioned on my blog at [1] should list all the dependencies of a Maven project, and after you remove all the known good ones (org.apache.* etc.) you're left with a list of dependencies that need to be checked. The cleanest way to handle that for Clerezza might be to add a note to the LICENSE file that lists which other licenses besides Apache are included, and points to a text file with licensing information for those additional dependencies. Putting some simple structure in that file might help automating (at least partially) that check for future releases. -Bertrand [1] http://grep.codeconsult.ch/2010/07/08/list-all-your-maven-dependencies/ --------------------------------------------------------------------- To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
