Billie

My concern with the dependencies file is the false sense of security it can
sometimes give.  These are dependencies for which Maven can find the
license information.  If it can't it isn't something that could be clearly
called out/articulated.  This is particularly true with a case like bundled
javascript dependencies.  I realize moving towards all externalized
dependencies is ideal but it is also not fail-proof.  Point taken though
that they offer some utility in validating.

Will take a look at the Kafka licensing case.  Adding that to
[https://issues.apache.org/jira/browse/NIFI-291] now.

I went through every artifact personally including
nars/wars/javascript/etc... from raw source and the binary builds.  Kafka
though was indeed added after that.  Ideal case is the dev that adds it
takes care of rolling up as needed into overall LICENSE/NOTICE.  Then it is
on the R in RTC.  Then it is on the RM.  Then voters.  So that went right
past all phases.  Independent of the outstanding questions about binary
convenience packages does whatever specific license is missing from the
kafka bundle preclude us from providing a binary convenience package for
0.0.1?

Thanks
Joe

On Thu, Jan 29, 2015 at 10:10 AM, Billie Rinaldi <bil...@apache.org> wrote:

> On Thu, Jan 29, 2015 at 7:45 PM, Joe Witt <joe.w...@gmail.com> wrote:
> > Will investigate how to have the build process for the convenience
> > binaries not add the auto-generated dependencies file and for it to use
> > our license rather than the stock one.
>
> I actually like the dependencies file.  It makes it easier to check over
> the license.
> Beware that the license does not currently cover all of the dependencies
> bundled in the nars/wars.  (As the license for the source package, it
> doesn't have to.)  The one I noticed was nifi-kafka-nar, but there could be
> others.
>
