Hi Shawn, yes, that is totally fine.
Thanks,
Stefan

On 06/14/2018 07:14 PM, Smith, Shawn E wrote:
> Is an exclusion sufficient from a license perspective?
>
> For instance if I change the pom in scim-spec-protocol to have
>
> <dependency>
>   <groupId>io.swagger</groupId>
>   <artifactId>swagger-jaxrs</artifactId>
>   <version>1.5.0</version>
>   <exclusions>
>     <exclusion>
>       <groupId>com.fasterxml.jackson.dataformat</groupId>
>       <artifactId>jackson-dataformat-xml</artifactId>
>     </exclusion>
>     <exclusion>
>       <groupId>com.fasterxml.jackson.core</groupId>
>       <artifactId>jackson-core</artifactId>
>     </exclusion>
>     <exclusion>
>       <groupId>com.fasterxml.jackson.core</groupId>
>       <artifactId>jackson-annotations</artifactId>
>     </exclusion>
>     <exclusion>
>       <groupId>com.google.code.findbugs</groupId>
>       <artifactId>annotations</artifactId>
>     </exclusion>
>     <exclusion>
>       <groupId>com.fasterxml.jackson.core</groupId>
>       <artifactId>jackson-databind</artifactId>
>     </exclusion>
>     <exclusion>
>       <artifactId>jsr311-api</artifactId>
>       <groupId>javax.ws.rs</groupId>
>     </exclusion>
>   </exclusions>
> </dependency>
>
> findbugs is no longer represented in the dependency tree
>
> [INFO] --- maven-dependency-plugin:2.8:tree (default-cli) @ scim-spec-protocol ---
> [INFO] edu.psu.swe.scim:scim-spec-protocol:jar:2.23-SNAPSHOT
> [INFO] +- javax:javaee-api:jar:7.0:provided
> [INFO] |  \- com.sun.mail:javax.mail:jar:1.5.0:provided
> [INFO] |     \- javax.activation:activation:jar:1.1.1:compile
> [INFO] +- io.swagger:swagger-jaxrs:jar:1.5.0:compile
> [INFO] |  +- com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:jar:2.8.8:compile
> [INFO] |  |  \- org.yaml:snakeyaml:jar:1.15:compile
> [INFO] |  +- io.swagger:swagger-core:jar:1.5.0:compile
> [INFO] |  |  +- com.fasterxml.jackson.datatype:jackson-datatype-joda:jar:2.8.8:compile
> [INFO] |  |  |  \- joda-time:joda-time:jar:2.7:compile
> [INFO] |  |  \- io.swagger:swagger-models:jar:1.5.0:compile
> [INFO] |  |     \- io.swagger:swagger-annotations:jar:1.5.0:compile
> [INFO] |  +- org.reflections:reflections:jar:0.9.10:compile
> [INFO] |  |  +- com.google.guava:guava:jar:20.0:compile
> [INFO] |  |  \- org.javassist:javassist:jar:3.18.2-GA:compile
> [INFO] |  \- com.fasterxml.jackson.jaxrs:jackson-jaxrs-json-provider:jar:2.8.8:compile
> [INFO] |     +- com.fasterxml.jackson.jaxrs:jackson-jaxrs-base:jar:2.8.8:compile
> [INFO] |     \- com.fasterxml.jackson.module:jackson-module-jaxb-annotations:jar:2.8.8:compile
> [INFO] +- edu.psu.swe.scim:scim-spec-schema:jar:2.23-SNAPSHOT:compile
> [INFO] |  +- javax.xml.bind:jaxb-api:jar:2.1:compile
> [INFO] |  |  \- javax.xml.stream:stax-api:jar:1.0-2:compile
> [INFO] |  +- javax.validation:validation-api:jar:1.1.0.Final:compile
> [INFO] |  +- org.slf4j:slf4j-api:jar:1.7.12:compile
> [INFO] |  +- com.fasterxml.jackson.core:jackson-annotations:jar:2.8.0:compile
> [INFO] |  \- org.apache.commons:commons-lang3:jar:3.1:compile
> [INFO] +- org.projectlombok:lombok:jar:1.16.14:provided
> [INFO] +- junit:junit:jar:4.12:test
> [INFO] |  \- org.hamcrest:hamcrest-core:jar:1.3:test
> [INFO] +- pl.pragmatists:JUnitParams:jar:1.0.4:test
> [INFO] +- org.slf4j:slf4j-simple:jar:1.7.12:test
> [INFO] \- org.antlr:antlr4-runtime:jar:4.5.3:compile
>
> Shawn
>
> ________________________________
> From: Smith, Shawn E <se...@psu.edu>
> Sent: Saturday, June 9, 2018 1:20:25 PM
> To: dev@directory.apache.org; Apache Directory Developers List
> Subject: Re: PSU SCIMple donation
>
> The dependency problem should be pretty easy to address, they're mostly in
> example projects. I'll look at it tomorrow.
>
> By the way, is anyone on the list going to Dockercon?
>
> ________________________________
> From: Stefan Seelmann <m...@stefan-seelmann.de>
> Sent: Saturday, June 9, 2018 10:01:16 AM
> To: dev@directory.apache.org
> Subject: Re: PSU SCIMple donation
>
> On 06/03/2018 10:39 AM, Stefan Seelmann wrote:
>> Next steps:
>> * Identify the codebase: What I see [2] is the latest commit, correct?
>> * Decide on a name: which name should we use? SCIMple, eSCIMo, something
>> else? We just have to make sure the name is not trademarked yet.
>
> Any thoughts on this?
>
>> * Check source and dependencies for Apache License compatibility (I do,
>> but more eyes are welcomed :-)
>
> I found the following problematic dependencies which are LGPL licensed
> and must not be included in an Apache release artifact.
>
> com.google.code.findbugs:annotations:2.0.1
> * LGPL
> * scim-server-rdbms, scim-spec-protocol, scim-server-couchdb, etc.
> * Transitive dependency of swagger-jaxrs
> * Fix: try to exclude?
>
> org.hibernate:hibernate-jpamodelgen:5.2.0.Final
> * LGPL
> * scim-server-rdbms
> * Fix: Change scope to provided as it is only used at build time
>
> org.hibernate:hibernate-core:5.0.9.Final
> org.hibernate:hibernate-entitymanager:5.0.9.Final
> * LGPL
> * scim-errai
> * Fix: switch to another JPA implementation (Apache OpenJPA), but I
> don't know how deep Hibernate is wired into Errai.
> * Note: this is only an issue if it's planned to publish a WAR file that
> includes Hibernate. The current scim-errai seems to only be a showcase app.
>
>> * Wait for secretary confirmation that CCLA is recorded
>
> This is done
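
The check discussed in this thread can be automated. The following is an added example, not part of the original messages or the project's code: it parses `mvn dependency:tree` output and reports the LGPL coordinates named above when they resolve to a scope that ends up in the packaged artifact. The sample tree is constructed for illustration, and treating `provided` and `test` as non-shipped scopes is an assumption of this example.

```python
import re

# groupId:artifactId pairs the thread identifies as LGPL licensed.
LGPL = {
    "com.google.code.findbugs:annotations",
    "org.hibernate:hibernate-jpamodelgen",
    "org.hibernate:hibernate-core",
    "org.hibernate:hibernate-entitymanager",
}
# Assumption: these scopes are not bundled into the release artifact.
NOT_SHIPPED = {"provided", "test"}

# A tree node: "[INFO] ", zero or more 3-character indent units, "+- " or "\- ", coordinate.
NODE = re.compile(r"^\[INFO\] ((?:\|  |   )*)(?:\+- |\\- )(\S+)")

def parse_tree(text):
    """Yield (group:artifact, version, scope, path from direct dependency) per node."""
    stack = []
    for line in text.splitlines():
        m = NODE.match(line)
        if not m:
            continue  # plugin banner, root project line, blank lines
        depth = len(m.group(1)) // 3
        parts = m.group(2).split(":")
        if len(parts) < 5:
            continue  # not group:artifact:type[:classifier]:version:scope
        ga = f"{parts[0]}:{parts[1]}"
        del stack[depth:]  # drop siblings and deeper nodes from the current path
        stack.append(ga)
        yield ga, parts[-2], parts[-1], list(stack)

def shipped_lgpl(text):
    """Return LGPL dependencies whose resolved scope would be packaged."""
    return [(ga, version, scope, " -> ".join(path))
            for ga, version, scope, path in parse_tree(text)
            if ga in LGPL and scope not in NOT_SHIPPED]

# Constructed sample: a tree as it might look before the exclusion is applied.
SAMPLE = r"""
[INFO] edu.psu.swe.scim:scim-spec-protocol:jar:2.23-SNAPSHOT
[INFO] +- io.swagger:swagger-jaxrs:jar:1.5.0:compile
[INFO] |  +- io.swagger:swagger-core:jar:1.5.0:compile
[INFO] |  \- com.google.code.findbugs:annotations:jar:2.0.1:compile
[INFO] +- org.hibernate:hibernate-jpamodelgen:jar:5.2.0.Final:provided
[INFO] \- junit:junit:jar:4.12:test
"""

if __name__ == "__main__":
    for finding in shipped_lgpl(SAMPLE):
        print("LGPL dependency in shipped scope:", *finding)
```

Running it against the real output of each module after the exclusions are in place should report nothing.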