I said I'd do it, but completely forgot! I'll get this out this weekend. .. Adam
On Fri, Sep 17, 2021 at 3:24 PM Beckerle, Mike < mbecke...@owlcyberdefense.com> wrote: > I recall someone verifying the licenses on dependencies. I can't find that > message now. > > However, this must be a transitive verification, so there's quite a few. > > The build.sbt has only: > > "ch.qos.logback" % "logback-classic" % "1.2.3", > "com.microsoft.java" % "com.microsoft.java.debug.core" % "0.31.1", > "co.fs2" %% "fs2-io" % "3.0.4", > "com.monovore" %% "decline-effect" % "2.1.0", > "org.typelevel" %% "log4cats-slf4j" % "2.1.0", > > for the typescript code, I see a bunch in package.json. > > Action Required: Can someone please verify the licenses of all the > dependencies transitively and send me the list? > > This is specifically what the IP Clearance checklist asks: > > Check and make sure that all items depended upon by the > project is covered by one or more of the following > approved > licenses: Apache, BSD, Artistic, MIT/X, MIT/W3C, MPL > 1.1, or > something with essentially the same terms. > > I'd like the list of what we checked to include it in the IP Clearance > checklist document. > > Note: there used to be a sbt plugin that pulled all the license files > recursively for sbt dependency chains. I recall we used, or attempted to > use, it for daffodil at one time. > > > >
