When I did this review for Spark, I used Maven's license plugin:
http://mojo.codehaus.org/license-maven-plugin/

    mvn license:aggregate-add-third-party

It creates a report of all transitive deps and their license, according to pom files. I had to indeed review lots of the dependencies by hand to evaluate license issues. It is not simple.

On Thu, Jul 17, 2014 at 1:19 AM, Justin Mclean <jus...@classsoftware.com> wrote:
> Hi,
>
> Last few times I've reviewed LICENSE / NOTICE files in projects it ends up
> being quite difficult knowing what exactly has been bundled and exactly how
> those bits of included software are licensed. In particular some software
> (i.e. bootstrap) have moved from an Apache license to an MIT one in recent
> times and it is not always immediately clear which version has been bundled.
>
> So what is the best way for projects to indicate what versions of software
> (and what licences) have been bundled and to make reviewing LICENSE/NOTICE
> easier? IMO this helps both the incubator (more people vote/less issues get
> through) and incubating projects (less -1s due to LICENSE/NOTICE issues).
>
> In particular bundled Apache licensed software is an issue. How do you easily
> tell the difference between a missing entry to LICENSE (as the bundled
> software may be say BSD or MIT license) vs nothing required in LICENSE as the
> bundled software is Apache licence? In some cases searching for file headers
> can help but quite often they are missing and/or it is not immediately obvious
> what terms an external project is licensed under.
>
> Thanks,
> Justin