Le 09/06/2018 à 16:01, Stefan Seelmann a écrit : > On 06/03/2018 10:39 AM, Stefan Seelmann wrote: >> Next steps: >> * Identify the codebase: What I see [2] is the latest commit, correct? >> * Decide on a name: which name should we use? SCIMple, eSCIMo, something >> else? We just make to be sure the name is not trademarked yet. > > Any thoughts on this? > >> * Check source and dependencies for Apache License compatibility (I do, >> but more eyes are welcomed :-) > > I found the following problematic dependencies which are LGPL licensed > and must not be included in an Apache release artifact. > > com.google.code.findbugs:annotations:2.0.1 > * LGPL > * scim-server-rdbms, scim-spec-protocol, scim-server-couchdb, etc. > * Transitive dependency of swagger-jaxrs > * Fix: try to exclude?
clearly. > > org.hibernate:hibernate-jpamodelgen:5.2.0.Final > * LGPL > * scim-server-rdbms > * Fix: Change scope to provided as it is only used at build time > > org.hibernate:hibernate-core:5.0.9.Final > org.hibernate:hibernate-entitymanager:5.0.9.Final > * LGPL > * scim-errai > * Fix: switch to another JPA implementation (Apache OpenJPA), but I > don't know deep Hibernate is wired into Errai. > * Note: this is only an issue if it's planned to publish a WAR file that > includes Hibernate. The current scim-errai seems to only be a showcase app. This is clearly something that need to be replaced. FTR, LGPL/GPL is not compatible with AL 2.0 in a sense that we can't release code that contains LGPL/GPL packages without being tainted... Thanks Stefan for the thorough analasys. -- Emmanuel Lecharny Symas.com directory.apache.org
pEpkey.asc
Description: application/pgp-keys
