>>>>> Can you please let me know which license XPP uses? I could not find >>>>> informatino in NOTICE and did not find a website which helped me. its >>>>> necessary to clarify that as xpp3 is in the war file release. Once you >>>>> told >>>>> me, I will give my +1 >>>> >>>> Clearly missing in the N&L files. >>> >>> OK. Guess this should be fixed with a new attempt then. >> >> >> Will do ASAP - guess we are trying to beat some record at Syncope: I know >> that Flex made it in seven attempts, we are approaching... ;-) >> >> Jokes apart, we are talking here about XPP3, a transitive dependency of >> XStream which is instead a declared dependency of Syncope (core). >> We honestly did not consider at all such dependencies in L&N files, and >> there are quite some: what's the best practice for such cases? I see no >> option but using the maven dependency plugin in order to find all transitive >> dependencies and update L&N files consequently. >> >> Is this correct? Basically, I feel this like breaking the Maven dependency >> resolution... > > I must admit I'm a bit puzzled. > > IMO, the L&N files should only contain the required licenses and notice for > deps we are explicitely declaring in the poms, as they are part of the > build. The fact that the built wars include transitive dependencies is a > by-product of the build. In other words, if a 3rd party we include itself > depends on some other libs, then it's this 3rd party L&N files to > explicitely include the required L&N, not ours.
When you put a war file on /dist containing that jar file, you are releasing it. Imho it does not matter if it is transitive or what else - at least it must be AL compatible. Others may correct me, but i think this must be cared of. > So XPP is not included by us, and should not be added in the N&L, as I > initially (wrongly) thought. http://incubator.apache.org/guides/releasemanagement.html#best-practice-license "All the licenses on all the files to be included within a package should be included in the LICENSE document. " It says to me, it does not matter who depends on what, it does only matter whats inside your war. Btw, I am still unsure which license XPP has. This is worse, because: http://www.apache.org/dev/release.html#distribute-other-artifacts "Again, these artifacts may be distributed only if they contain LICENSE and NOTICE files" This means for me, the XPP.jar can only be included in the war file when it contains a LICENSE or a NOTICE. I just opened it, but there is no such files. In fact it means I cannot see from the release what license it actually contains. Is there a chance you remove XPP or add license information for this artifact? Cheers, Christian > Regarding the distinction between sources vs binary N&L files, my perception > is that we should keep all the required (ie if it's explicitely asked by the > 3rd party license) 3rd party Licenses, and nothing more. I do think we are > pretty much ok here. Sebastian, if you have some libs that you think should > not be present in the N&L files, could you name them ? > > Thanks ! > > > > -- > Regards, > Cordialement, > Emmanuel Lécharny > www.iktek.com > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > For additional commands, e-mail: general-h...@incubator.apache.org > -- http://www.grobmeier.de https://www.timeandbill.de --------------------------------------------------------------------- To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
