Hi,

> In terms of binary dependency, if those “dependencies used by our
> dependencies” (usually called transitive dependencies) are not mentioned in
> the using dependencies, we can also detect and list the transitive
> dependencies in our license file as they are finally bundled in our binary
> too (mostly). But if you mean our dependency uses third party source code
> without mentioning it, that’s a bit troublesome.

A lot of code does indeed do this and there's no real simple automated way to detect that. This tool, I believe, may be based on a misconception: the LICENSE file doesn’t contain a list of licenses of the dependencies but the licenses of the code that is bundled in the release. The license of the dependencies only matters if they are not compatible with the Apache license, e.g. GPL or other category X license.

Kind Regards,
Justin