Hi,

> In terms of binary dependency, if those “dependencies used by our 
> dependencies” (usually called transitive dependencies) are not mentioned in 
> the using dependencies, we can also detect and list the transitive 
> dependencies in our license file as they are finally bundled in our binary 
> too (mostly). But if you mean our dependency uses third party source code 
> without mentioning it, that’s a bit troublesome. 

A lot of code does indeed do this and there's no real simple automated way to 
detect that. This tool I believe may be based on a misconception, the LICENSE 
file doesn’t contain a list of licenses of the dependencies but the licences of 
what code that is bundled in the release. The license of the dependancies only 
matter if they are not compatible with the Apache license e.g. GPL or other 
category X license.

Kind Regards,
Justin
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
For additional commands, e-mail: general-h...@incubator.apache.org

Reply via email to