incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sean Owen <>
Subject Re: Reviewing license / notice and bundled software
Date Thu, 17 Jul 2014 07:25:40 GMT
When I did this review for Spark, I used Maven's license plugin:
mvn license:aggregate-add-third-party

It creates a report of all transitive deps and their license,
according to pom files.

I had to indeed review lots of the dependencies by hand to evaluate
license issues. It is not simple.

On Thu, Jul 17, 2014 at 1:19 AM, Justin Mclean <> wrote:
> Hi,
> Last few times I've reviewed LICENSE / NOTICE files in projects it ends up being quite
difficult knowing what exactly has been bundled and exactly how those bits of included software
are licensed. In particular some software (i.e. bootstap) have moved form an Apache license
to an MIT one in recent times and it not always immediately clear which version has been bundled.
> So what the the best way for projects to indicate what versions of software (and what
licences) have been bundled and to make reviewing LICENSE/NOTICE easier? IMO this helps both
the incubator (more people vote/less issues get through) and incubating projects (less -1s
due to LICENSE/NOTICE issues).
> In particular bundled Apache licensed software is an issue. How do you easily tell the
difference between a a missing entry to LICENSE (as the bundled software may be say BSD or
MIT license) vs nothing required in LICENSE as the bundled software is Apache licence? In
some cases searching for file headers can help but quite often they are missing and/or it
not immediately obvious what terms an external projects is licensed under.
> Thanks,
> Justin
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message