Merged, but we still need to bump up nacos's version when it gets official.

-Ian.

On Mon, Apr 8, 2019 at 2:17 PM Huxing Zhang <hux...@apache.org> wrote:

> Hi,
>
> I've sent a pull request:
> https://github.com/apache/incubator-dubbo/pull/3810
> It would be appreciated if someone could help to review it.
>
> On Wed, Apr 3, 2019 at 11:20 PM Huxing Zhang <hux...@apache.org> wrote:
> >
> > Hi,
> >
> > The latest nacos client 1.0.0-RC3 has been rolled out. I will follow
> > up tomorrow.
> >
> > [1] https://mvnrepository.com/artifact/com.alibaba.nacos/nacos-client/1.0.0-RC3
> >
> > On Tue, Apr 2, 2019 at 5:59 PM Huxing Zhang <hux...@apache.org> wrote:
> > >
> > > Hi,
> > >
> > > It looks like the dependencies with incompatible licenses have been
> > > removed on the Nacos side.
> > > So I think Dubbo should upgrade to the latest version once there is a
> > > release.
> > >
> > > On Tue, Apr 2, 2019 at 10:28 AM Ian Luo <ian....@gmail.com> wrote:
> > > >
> > > > We should contact nacos's developer to fix this dependency issue.
> > > >
> > > > -Ian.
> > > >
> > > > On Mon, Apr 1, 2019 at 6:15 PM Huxing Zhang <hux...@apache.org> wrote:
> > > >
> > > > > Hi,
> > > > >
> > > > > When I was looking at this issue [1], I realized that Dubbo may have the
> > > > > same issue.
> > > > > From Dubbo 2.7.1 and 2.6.6 onwards the Nacos support has been added,
> > > > > where the following dependency has been added:
> > > > >
> > > > > <dependency>
> > > > >     <groupId>com.alibaba.nacos</groupId>
> > > > >     <artifactId>nacos-client</artifactId>
> > > > >     <version>${nacos.version}</version>
> > > > >     <optional>true</optional>
> > > > > </dependency>
> > > > >
> > > > > which depends on the following dependencies:
> > > > >
> > > > > <dependency>
> > > > >     <groupId>org.codehaus.jackson</groupId>
> > > > >     <artifactId>jackson-mapper-lgpl</artifactId>
> > > > > </dependency>
> > > > >
> > > > > <dependency>
> > > > >     <groupId>com.github.spotbugs</groupId>
> > > > >     <artifactId>spotbugs-annotations</artifactId>
> > > > >     <optional>true</optional>
> > > > > </dependency>
> > > > >
> > > > > which are LGPL v2.1 licensed.
> > > > >
> > > > > This means nacos-client should not be Apache Licensed as claimed, and
> > > > > Dubbo could not depend on nacos-client.
> > > > >
> > > > > I have contacted the Nacos team; they are addressing this issue.
> > > > >
> > > > > My question is how to avoid this kind of issue?
> > > > > Should we check every newly added dependency for license compatibility?
> > > > > Are there any tools which can do automatic scanning?
> > > > >
> > > > > [1] https://github.com/apache/incubator-skywalking/pull/2422
> > > > >
> > > > > --
> > > > > Best Regards!
> > > > > Huxing
> > > > >
> > >
> > >
> > >
> > > --
> > > Best Regards!
> > > Huxing
> >
> >
> >
> > --
> > Best Regards!
> > Huxing
>
>
>
> --
> Best Regards!
> Huxing
>
