>From sbt, run core/dependencyLicenseInfo (see
https://github.com/sbt/sbt-dependency-graph for instructions):
---
No license specified
Concurrent Technologies Corporation, Nteligen
LLC:daffodil-debugger_2.12:0.0.15-18-g091ad23-SNAPSHOT
commons-io:commons-io:2.8.0
com.google.code.gson:gson:2.7
com.microsoft.java:com.microsoft.java.debug.core:0.31.1
ch.qos.logback:logback-classic:1.2.3
org.apache.commons:commons-lang3:3.6
xml-resolver:xml-resolver:1.2
ch.qos.logback:logback-core:1.2.3
org.slf4j:slf4j-api:1.7.30
Apache 2.0
org.typelevel:simulacrum-scalafix-annotations_2.12:0.5.4
Apache License, Version 2.0
org.apache.daffodil:daffodil-core_2.12:3.1.0
org.apache.daffodil:daffodil-sapi_2.12:3.1.0
org.apache.daffodil:daffodil-runtime1-unparser_2.12:3.1.0
org.apache.daffodil:daffodil-runtime1_2.12:3.1.0
org.apache.daffodil:daffodil-io_2.12:3.1.0
org.apache.daffodil:daffodil-udf_2.12:3.1.0
org.apache.daffodil:daffodil-lib_2.12:3.1.0
Apache-2.0
com.typesafe:config:1.4.1
org.scala-lang.modules:scala-xml_2.12:1.3.0
org.typelevel:log4cats-slf4j_2.12:2.1.0
org.typelevel:log4cats-core_2.12:2.1.0
org.scala-lang.modules:scala-parser-combinators_2.12:1.1.2
org.typelevel:cats-effect_2.12:3.1.1
org.typelevel:cats-effect-kernel_2.12:3.1.1
com.monovore:decline_2.12:2.1.0
org.typelevel:cats-effect-std_2.12:3.1.1
com.monovore:decline-effect_2.12:2.1.0
com.comcast:ip4s-core_2.12:3.0.3
org.typelevel:literally_2.12:1.0.2
BSD-3-Clause
org.scodec:scodec-bits_2.12:1.1.27
CC0
org.reactivestreams:reactive-streams:1.0.0
MIT
org.typelevel:cats-core_2.12:2.6.1
co.fs2:fs2-io_2.12:3.0.4
com.lihaoyi:os-lib_2.12:0.7.6
com.lihaoyi:geny_2.12:0.6.9
org.typelevel:cats-kernel_2.12:2.6.1
co.fs2:fs2-core_2.12:3.0.4
Similar to Apache License but with the acknowledgment clause removed
org.jdom:jdom2:2.0.6
The Apache License, Version 2.0
com.fasterxml.woodstox:woodstox-core:6.2.6
The Apache Software License, Version 2.0
xml-apis:xml-apis:1.4.01
xerces:xercesImpl:2.12.1
com.fasterxml.jackson.core:jackson-core:2.12.3
io.reactivex.rxjava2:rxjava:2.1.1
The BSD License
org.codehaus.woodstox:stax2-api:4.2.1
Unicode/ICU License
com.ibm.icu:icu4j:69.1
---
Notes:
>From the "No license specified", I looked at either the actual pom.xml
files or the source repository, and determined the actual licenses are:
- APL 2.0
- commons-io:commons-io:2.8.0
- com.google.code.gson:gson:2.7
- org.apache.commons:commons-lang3:3.6
- xml-resolver:xml-resolver:1.2
- Eclipse Public License - v 1.0
- com.microsoft.java:com.microsoft.java.debug.core:0.31.1
- ch.qos.logback:logback-classic:1.2.3
- ch.qos.logback:logback-core:1.2.3
- MIT
- org.slf4j:slf4j-api:1.7.30
On Fri, Sep 17, 2021 at 4:45 PM Adam Rosien <a...@rosien.net> wrote:
> I said I'd do it, but completely forgot! I'll get this out this weekend.
>
> .. Adam
>
> On Fri, Sep 17, 2021 at 3:24 PM Beckerle, Mike <
> mbecke...@owlcyberdefense.com> wrote:
>
>> I recall someone verifying the licenses on dependencies. I can't find
>> that message now.
>>
>> However, this must be a transitive verification, so there's quite a few.
>>
>> The build.sbt has only:
>>
>> "ch.qos.logback" % "logback-classic" % "1.2.3",
>> "com.microsoft.java" % "com.microsoft.java.debug.core" % "0.31.1",
>> "co.fs2" %% "fs2-io" % "3.0.4",
>> "com.monovore" %% "decline-effect" % "2.1.0",
>> "org.typelevel" %% "log4cats-slf4j" % "2.1.0",
>>
>> for the typescript code, I see a bunch in package.json.
>>
>> Action Required: Can someone please verify the licenses of all the
>> dependencies transitively and send me the list?
>>
>> This is specifically what the IP Clearance checklist asks:
>>
>> Check and make sure that all items depended upon by the
>> project is covered by one or more of the following
>> approved
>> licenses: Apache, BSD, Artistic, MIT/X, MIT/W3C, MPL
>> 1.1, or
>> something with essentially the same terms.
>>
>> I'd like the list of what we checked to include it in the IP Clearance
>> checklist document.
>>
>> Note: there used to be a sbt plugin that pulled all the license files
>> recursively for sbt dependency chains. I recall we used, or attempted to
>> use, it for daffodil at one time.
>>
>>
>>
>>
No license specified
Concurrent Technologies Corporation, Nteligen
LLC:daffodil-debugger_2.12:0.0.15-18-g091ad23-SNAPSHOT
commons-io:commons-io:2.8.0
com.google.code.gson:gson:2.7
com.microsoft.java:com.microsoft.java.debug.core:0.31.1
ch.qos.logback:logback-classic:1.2.3
org.apache.commons:commons-lang3:3.6
xml-resolver:xml-resolver:1.2
ch.qos.logback:logback-core:1.2.3
org.slf4j:slf4j-api:1.7.30
Apache 2.0
org.typelevel:simulacrum-scalafix-annotations_2.12:0.5.4
Apache License, Version 2.0
org.apache.daffodil:daffodil-core_2.12:3.1.0
org.apache.daffodil:daffodil-sapi_2.12:3.1.0
org.apache.daffodil:daffodil-runtime1-unparser_2.12:3.1.0
org.apache.daffodil:daffodil-runtime1_2.12:3.1.0
org.apache.daffodil:daffodil-io_2.12:3.1.0
org.apache.daffodil:daffodil-udf_2.12:3.1.0
org.apache.daffodil:daffodil-lib_2.12:3.1.0
Apache-2.0
com.typesafe:config:1.4.1
org.scala-lang.modules:scala-xml_2.12:1.3.0
org.typelevel:log4cats-slf4j_2.12:2.1.0
org.typelevel:log4cats-core_2.12:2.1.0
org.scala-lang.modules:scala-parser-combinators_2.12:1.1.2
org.typelevel:cats-effect_2.12:3.1.1
org.typelevel:cats-effect-kernel_2.12:3.1.1
com.monovore:decline_2.12:2.1.0
org.typelevel:cats-effect-std_2.12:3.1.1
com.monovore:decline-effect_2.12:2.1.0
com.comcast:ip4s-core_2.12:3.0.3
org.typelevel:literally_2.12:1.0.2
BSD-3-Clause
org.scodec:scodec-bits_2.12:1.1.27
CC0
org.reactivestreams:reactive-streams:1.0.0
MIT
org.typelevel:cats-core_2.12:2.6.1
co.fs2:fs2-io_2.12:3.0.4
com.lihaoyi:os-lib_2.12:0.7.6
com.lihaoyi:geny_2.12:0.6.9
org.typelevel:cats-kernel_2.12:2.6.1
co.fs2:fs2-core_2.12:3.0.4
Similar to Apache License but with the acknowledgment clause removed
org.jdom:jdom2:2.0.6
The Apache License, Version 2.0
com.fasterxml.woodstox:woodstox-core:6.2.6
The Apache Software License, Version 2.0
xml-apis:xml-apis:1.4.01
xerces:xercesImpl:2.12.1
com.fasterxml.jackson.core:jackson-core:2.12.3
io.reactivex.rxjava2:rxjava:2.1.1
The BSD License
org.codehaus.woodstox:stax2-api:4.2.1
Unicode/ICU License
com.ibm.icu:icu4j:69.1
