Re: verify licenses on dependencies for vscode debugger

[Steve Lawrence]

That's a lot of dependencies! But I guess that's how the NPM world is 
right now.


Everything from that list looks okay. Pretty much everything is MIT/ISC 
or some variant. There's a couple of oddballs like Python-2.0, Creative 
Commons which require a little extra work, and Zero Clause BSD which 
isn't explicitly mentioned as ALv2 compatible, but I'd guess shouldn't 
be a problem.


I think we're going to have to come up with some good way manage the 
LICENSE file in the convenience binary with all these dependencies, but 
we can figure that out later.


Also, daffodil-debugger is listed as "UNLICENSED" so we'll need to fix 
that (maybe that's just because it's not published to npmjs.com yet?), 
but that can also wait until after the IP clearance. We know it's ALv2.


All looks good to me.

Thanks!


On 9/20/21 7:47 AM, John Wass wrote:

JS dependencies here, should be all transitives too

https://github.com/jw3/example-daffodil-vscode/wiki/js-dependencies

On Mon, Sep 20, 2021 at 7:42 AM Steve Lawrence  wrote:


These all look compatible with the Apache license and shouldn't be a
problem. The EPL 1.0 dependencies will require some extra labeling in
the distributed binary, but that's not a big deal.

package.json also lists some dependencies, I think these are all
javascript/npm dependencies? We probably need to verify the full
transitive graph of these dependencies as well.

On 9/19/21 4:11 PM, Adam Rosien wrote:

   From sbt, run core/dependencyLicenseInfo (see
https://github.com/sbt/sbt-dependency-graph
 for instructions):

---
No license specified
Concurrent Technologies Corporation, Nteligen
LLC:daffodil-debugger_2.12:0.0.15-18-g091ad23-SNAPSHOT
commons-io:commons-io:2.8.0
com.google.code.gson:gson:2.7
com.microsoft.java:com.microsoft.java.debug.core:0.31.1
ch.qos.logback:logback-classic:1.2.3
org.apache.commons:commons-lang3:3.6
xml-resolver:xml-resolver:1.2
ch.qos.logback:logback-core:1.2.3
org.slf4j:slf4j-api:1.7.30

Apache 2.0
org.typelevel:simulacrum-scalafix-annotations_2.12:0.5.4

Apache License, Version 2.0
org.apache.daffodil:daffodil-core_2.12:3.1.0
org.apache.daffodil:daffodil-sapi_2.12:3.1.0
org.apache.daffodil:daffodil-runtime1-unparser_2.12:3.1.0
org.apache.daffodil:daffodil-runtime1_2.12:3.1.0
org.apache.daffodil:daffodil-io_2.12:3.1.0
org.apache.daffodil:daffodil-udf_2.12:3.1.0
org.apache.daffodil:daffodil-lib_2.12:3.1.0

Apache-2.0
com.typesafe:config:1.4.1
org.scala-lang.modules:scala-xml_2.12:1.3.0
org.typelevel:log4cats-slf4j_2.12:2.1.0
org.typelevel:log4cats-core_2.12:2.1.0
org.scala-lang.modules:scala-parser-combinators_2.12:1.1.2
org.typelevel:cats-effect_2.12:3.1.1
org.typelevel:cats-effect-kernel_2.12:3.1.1
com.monovore:decline_2.12:2.1.0
org.typelevel:cats-effect-std_2.12:3.1.1
com.monovore:decline-effect_2.12:2.1.0
com.comcast:ip4s-core_2.12:3.0.3
org.typelevel:literally_2.12:1.0.2

BSD-3-Clause
org.scodec:scodec-bits_2.12:1.1.27

CC0
org.reactivestreams:reactive-streams:1.0.0

MIT
org.typelevel:cats-core_2.12:2.6.1
co.fs2:fs2-io_2.12:3.0.4
com.lihaoyi:os-lib_2.12:0.7.6
com.lihaoyi:geny_2.12:0.6.9
org.typelevel:cats-kernel_2.12:2.6.1
co.fs2:fs2-core_2.12:3.0.4

Similar to Apache License but with the acknowledgment clause removed
org.jdom:jdom2:2.0.6

The Apache License, Version 2.0
com.fasterxml.woodstox:woodstox-core:6.2.6

The Apache Software License, Version 2.0
xml-apis:xml-apis:1.4.01
xerces:xercesImpl:2.12.1
com.fasterxml.jackson.core:jackson-core:2.12.3
io.reactivex.rxjava2:rxjava:2.1.1

The BSD License
org.codehaus.woodstox:stax2-api:4.2.1

Unicode/ICU License
com.ibm.icu:icu4j:69.1
---

Notes:

   From the "No license specified", I looked at either the actual pom.xml

files or

the source repository, and determined the actual licenses are:

- APL 2.0
 - commons-io:commons-io:2.8.0
 - com.google.code.gson:gson:2.7
 - org.apache.commons:commons-lang3:3.6
 - xml-resolver:xml-resolver:1.2
- Eclipse Public License - v 1.0
 - com.microsoft.java:com.microsoft.java.debug.core:0.31.1
 - ch.qos.logback:logback-classic:1.2.3
 - ch.qos.logback:logback-core:1.2.3
- MIT
 - org.slf4j:slf4j-api:1.7.30

On Fri, Sep 17, 2021 at 4:45 PM Adam Rosien mailto:a...@rosien.net>> wrote:

  I said I'd do it, but completely forgot! I'll get this out this

weekend.


  .. Adam

  On Fri, Sep 17, 2021 at 3:24 PM Beckerle, Mike
  
mbecke...@owlcyberdefense.com>> wrote:


  I recall someone verifying the licenses on dependencies. I

can't find

  that message now.

  However, this must be a transitive verification, so there's

quite a few.


  The build.sbt has only:

 "ch.qos.logback" % "logback-classic" % "1.2.3",
 "com.microsoft.java" % "com.microsoft.java.debug.core" %

"0.31.1",

 "co.fs2" %% "fs2-io" % "3.0.4",
 "com.monovore" %% "decline-effect" % "2.1.0",
 "org.typelevel" %% 

Re: verify licenses on dependencies for vscode debugger

[John Wass]

JS dependencies here, should be all transitives too

https://github.com/jw3/example-daffodil-vscode/wiki/js-dependencies

On Mon, Sep 20, 2021 at 7:42 AM Steve Lawrence  wrote:

> These all look compatible with the Apache license and shouldn't be a
> problem. The EPL 1.0 dependencies will require some extra labeling in
> the distributed binary, but that's not a big deal.
>
> package.json also lists some dependencies, I think these are all
> javascript/npm dependencies? We probably need to verify the full
> transitive graph of these dependencies as well.
>
> On 9/19/21 4:11 PM, Adam Rosien wrote:
> >   From sbt, run core/dependencyLicenseInfo (see
> > https://github.com/sbt/sbt-dependency-graph
> >  for instructions):
> >
> > ---
> > No license specified
> > Concurrent Technologies Corporation, Nteligen
> > LLC:daffodil-debugger_2.12:0.0.15-18-g091ad23-SNAPSHOT
> > commons-io:commons-io:2.8.0
> > com.google.code.gson:gson:2.7
> > com.microsoft.java:com.microsoft.java.debug.core:0.31.1
> > ch.qos.logback:logback-classic:1.2.3
> > org.apache.commons:commons-lang3:3.6
> > xml-resolver:xml-resolver:1.2
> > ch.qos.logback:logback-core:1.2.3
> > org.slf4j:slf4j-api:1.7.30
> >
> > Apache 2.0
> > org.typelevel:simulacrum-scalafix-annotations_2.12:0.5.4
> >
> > Apache License, Version 2.0
> > org.apache.daffodil:daffodil-core_2.12:3.1.0
> > org.apache.daffodil:daffodil-sapi_2.12:3.1.0
> > org.apache.daffodil:daffodil-runtime1-unparser_2.12:3.1.0
> > org.apache.daffodil:daffodil-runtime1_2.12:3.1.0
> > org.apache.daffodil:daffodil-io_2.12:3.1.0
> > org.apache.daffodil:daffodil-udf_2.12:3.1.0
> > org.apache.daffodil:daffodil-lib_2.12:3.1.0
> >
> > Apache-2.0
> > com.typesafe:config:1.4.1
> > org.scala-lang.modules:scala-xml_2.12:1.3.0
> > org.typelevel:log4cats-slf4j_2.12:2.1.0
> > org.typelevel:log4cats-core_2.12:2.1.0
> > org.scala-lang.modules:scala-parser-combinators_2.12:1.1.2
> > org.typelevel:cats-effect_2.12:3.1.1
> > org.typelevel:cats-effect-kernel_2.12:3.1.1
> > com.monovore:decline_2.12:2.1.0
> > org.typelevel:cats-effect-std_2.12:3.1.1
> > com.monovore:decline-effect_2.12:2.1.0
> > com.comcast:ip4s-core_2.12:3.0.3
> > org.typelevel:literally_2.12:1.0.2
> >
> > BSD-3-Clause
> > org.scodec:scodec-bits_2.12:1.1.27
> >
> > CC0
> > org.reactivestreams:reactive-streams:1.0.0
> >
> > MIT
> > org.typelevel:cats-core_2.12:2.6.1
> > co.fs2:fs2-io_2.12:3.0.4
> > com.lihaoyi:os-lib_2.12:0.7.6
> > com.lihaoyi:geny_2.12:0.6.9
> > org.typelevel:cats-kernel_2.12:2.6.1
> > co.fs2:fs2-core_2.12:3.0.4
> >
> > Similar to Apache License but with the acknowledgment clause removed
> > org.jdom:jdom2:2.0.6
> >
> > The Apache License, Version 2.0
> > com.fasterxml.woodstox:woodstox-core:6.2.6
> >
> > The Apache Software License, Version 2.0
> > xml-apis:xml-apis:1.4.01
> > xerces:xercesImpl:2.12.1
> > com.fasterxml.jackson.core:jackson-core:2.12.3
> > io.reactivex.rxjava2:rxjava:2.1.1
> >
> > The BSD License
> > org.codehaus.woodstox:stax2-api:4.2.1
> >
> > Unicode/ICU License
> > com.ibm.icu:icu4j:69.1
> > ---
> >
> > Notes:
> >
> >   From the "No license specified", I looked at either the actual pom.xml
> files or
> > the source repository, and determined the actual licenses are:
> >
> > - APL 2.0
> > - commons-io:commons-io:2.8.0
> > - com.google.code.gson:gson:2.7
> > - org.apache.commons:commons-lang3:3.6
> > - xml-resolver:xml-resolver:1.2
> > - Eclipse Public License - v 1.0
> > - com.microsoft.java:com.microsoft.java.debug.core:0.31.1
> > - ch.qos.logback:logback-classic:1.2.3
> > - ch.qos.logback:logback-core:1.2.3
> > - MIT
> > - org.slf4j:slf4j-api:1.7.30
> >
> > On Fri, Sep 17, 2021 at 4:45 PM Adam Rosien  > > wrote:
> >
> >  I said I'd do it, but completely forgot! I'll get this out this
> weekend.
> >
> >  .. Adam
> >
> >  On Fri, Sep 17, 2021 at 3:24 PM Beckerle, Mike
> >   mbecke...@owlcyberdefense.com>> wrote:
> >
> >  I recall someone verifying the licenses on dependencies. I
> can't find
> >  that message now.
> >
> >  However, this must be a transitive verification, so there's
> quite a few.
> >
> >  The build.sbt has only:
> >
> > "ch.qos.logback" % "logback-classic" % "1.2.3",
> > "com.microsoft.java" % "com.microsoft.java.debug.core" %
> "0.31.1",
> > "co.fs2" %% "fs2-io" % "3.0.4",
> > "com.monovore" %% "decline-effect" % "2.1.0",
> > "org.typelevel" %% "log4cats-slf4j" % "2.1.0",
> >
> >  for the typescript code, I see a bunch in package.json.
> >
> >  Action Required: Can someone please verify the licenses of all
> the
> >  dependencies transitively and send me the list?
> >
> >  This is specifically what the IP Clearance checklist asks:
> >
> > Check and make sure that all items depended
> upon by the
> >   

Re: verify licenses on dependencies for vscode debugger

[Steve Lawrence]

These all look compatible with the Apache license and shouldn't be a 
problem. The EPL 1.0 dependencies will require some extra labeling in 
the distributed binary, but that's not a big deal.


package.json also lists some dependencies, I think these are all 
javascript/npm dependencies? We probably need to verify the full 
transitive graph of these dependencies as well.


On 9/19/21 4:11 PM, Adam Rosien wrote:

  From sbt, run core/dependencyLicenseInfo (see
https://github.com/sbt/sbt-dependency-graph
 for instructions):

---
No license specified
Concurrent Technologies Corporation, Nteligen
LLC:daffodil-debugger_2.12:0.0.15-18-g091ad23-SNAPSHOT
commons-io:commons-io:2.8.0
com.google.code.gson:gson:2.7
com.microsoft.java:com.microsoft.java.debug.core:0.31.1
ch.qos.logback:logback-classic:1.2.3
org.apache.commons:commons-lang3:3.6
xml-resolver:xml-resolver:1.2
ch.qos.logback:logback-core:1.2.3
org.slf4j:slf4j-api:1.7.30

Apache 2.0
org.typelevel:simulacrum-scalafix-annotations_2.12:0.5.4

Apache License, Version 2.0
org.apache.daffodil:daffodil-core_2.12:3.1.0
org.apache.daffodil:daffodil-sapi_2.12:3.1.0
org.apache.daffodil:daffodil-runtime1-unparser_2.12:3.1.0
org.apache.daffodil:daffodil-runtime1_2.12:3.1.0
org.apache.daffodil:daffodil-io_2.12:3.1.0
org.apache.daffodil:daffodil-udf_2.12:3.1.0
org.apache.daffodil:daffodil-lib_2.12:3.1.0

Apache-2.0
com.typesafe:config:1.4.1
org.scala-lang.modules:scala-xml_2.12:1.3.0
org.typelevel:log4cats-slf4j_2.12:2.1.0
org.typelevel:log4cats-core_2.12:2.1.0
org.scala-lang.modules:scala-parser-combinators_2.12:1.1.2
org.typelevel:cats-effect_2.12:3.1.1
org.typelevel:cats-effect-kernel_2.12:3.1.1
com.monovore:decline_2.12:2.1.0
org.typelevel:cats-effect-std_2.12:3.1.1
com.monovore:decline-effect_2.12:2.1.0
com.comcast:ip4s-core_2.12:3.0.3
org.typelevel:literally_2.12:1.0.2

BSD-3-Clause
org.scodec:scodec-bits_2.12:1.1.27

CC0
org.reactivestreams:reactive-streams:1.0.0

MIT
org.typelevel:cats-core_2.12:2.6.1
co.fs2:fs2-io_2.12:3.0.4
com.lihaoyi:os-lib_2.12:0.7.6
com.lihaoyi:geny_2.12:0.6.9
org.typelevel:cats-kernel_2.12:2.6.1
co.fs2:fs2-core_2.12:3.0.4

Similar to Apache License but with the acknowledgment clause removed
org.jdom:jdom2:2.0.6

The Apache License, Version 2.0
com.fasterxml.woodstox:woodstox-core:6.2.6

The Apache Software License, Version 2.0
xml-apis:xml-apis:1.4.01
xerces:xercesImpl:2.12.1
com.fasterxml.jackson.core:jackson-core:2.12.3
io.reactivex.rxjava2:rxjava:2.1.1

The BSD License
org.codehaus.woodstox:stax2-api:4.2.1

Unicode/ICU License
com.ibm.icu:icu4j:69.1
---

Notes:

  From the "No license specified", I looked at either the actual pom.xml files 
or
the source repository, and determined the actual licenses are:

- APL 2.0
- commons-io:commons-io:2.8.0
- com.google.code.gson:gson:2.7
- org.apache.commons:commons-lang3:3.6
- xml-resolver:xml-resolver:1.2
- Eclipse Public License - v 1.0
- com.microsoft.java:com.microsoft.java.debug.core:0.31.1
- ch.qos.logback:logback-classic:1.2.3
- ch.qos.logback:logback-core:1.2.3
- MIT
- org.slf4j:slf4j-api:1.7.30

On Fri, Sep 17, 2021 at 4:45 PM Adam Rosien mailto:a...@rosien.net>> wrote:

 I said I'd do it, but completely forgot! I'll get this out this weekend.

 .. Adam

 On Fri, Sep 17, 2021 at 3:24 PM Beckerle, Mike
 mailto:mbecke...@owlcyberdefense.com>> 
wrote:

 I recall someone verifying the licenses on dependencies. I can't find
 that message now.

 However, this must be a transitive verification, so there's quite a 
few.

 The build.sbt has only:

"ch.qos.logback" % "logback-classic" % "1.2.3",
"com.microsoft.java" % "com.microsoft.java.debug.core" % 
"0.31.1",
"co.fs2" %% "fs2-io" % "3.0.4",
"com.monovore" %% "decline-effect" % "2.1.0",
"org.typelevel" %% "log4cats-slf4j" % "2.1.0",

 for the typescript code, I see a bunch in package.json.

 Action Required: Can someone please verify the licenses of all the
 dependencies transitively and send me the list?

 This is specifically what the IP Clearance checklist asks:

Check and make sure that all items depended upon by 
the
project is covered by one or more of the following
 approved
licenses: Apache, BSD, Artistic, MIT/X, MIT/W3C, MPL
 1.1, or
something with essentially the same terms.

 I'd like the list of what we checked to include it in the IP Clearance
 checklist document.

 Note: there used to be a sbt plugin that pulled all the license files
 recursively for sbt dependency chains. I recall we used, or attempted 
to
 use, it for daffodil at one time.

Re: verify licenses on dependencies for vscode debugger

[Adam Rosien]

>From sbt, run core/dependencyLicenseInfo (see
https://github.com/sbt/sbt-dependency-graph for instructions):

---
No license specified
Concurrent Technologies Corporation, Nteligen
LLC:daffodil-debugger_2.12:0.0.15-18-g091ad23-SNAPSHOT
commons-io:commons-io:2.8.0
com.google.code.gson:gson:2.7
com.microsoft.java:com.microsoft.java.debug.core:0.31.1
ch.qos.logback:logback-classic:1.2.3
org.apache.commons:commons-lang3:3.6
xml-resolver:xml-resolver:1.2
ch.qos.logback:logback-core:1.2.3
org.slf4j:slf4j-api:1.7.30

Apache 2.0
org.typelevel:simulacrum-scalafix-annotations_2.12:0.5.4

Apache License, Version 2.0
org.apache.daffodil:daffodil-core_2.12:3.1.0
org.apache.daffodil:daffodil-sapi_2.12:3.1.0
org.apache.daffodil:daffodil-runtime1-unparser_2.12:3.1.0
org.apache.daffodil:daffodil-runtime1_2.12:3.1.0
org.apache.daffodil:daffodil-io_2.12:3.1.0
org.apache.daffodil:daffodil-udf_2.12:3.1.0
org.apache.daffodil:daffodil-lib_2.12:3.1.0

Apache-2.0
com.typesafe:config:1.4.1
org.scala-lang.modules:scala-xml_2.12:1.3.0
org.typelevel:log4cats-slf4j_2.12:2.1.0
org.typelevel:log4cats-core_2.12:2.1.0
org.scala-lang.modules:scala-parser-combinators_2.12:1.1.2
org.typelevel:cats-effect_2.12:3.1.1
org.typelevel:cats-effect-kernel_2.12:3.1.1
com.monovore:decline_2.12:2.1.0
org.typelevel:cats-effect-std_2.12:3.1.1
com.monovore:decline-effect_2.12:2.1.0
com.comcast:ip4s-core_2.12:3.0.3
org.typelevel:literally_2.12:1.0.2

BSD-3-Clause
org.scodec:scodec-bits_2.12:1.1.27

CC0
org.reactivestreams:reactive-streams:1.0.0

MIT
org.typelevel:cats-core_2.12:2.6.1
co.fs2:fs2-io_2.12:3.0.4
com.lihaoyi:os-lib_2.12:0.7.6
com.lihaoyi:geny_2.12:0.6.9
org.typelevel:cats-kernel_2.12:2.6.1
co.fs2:fs2-core_2.12:3.0.4

Similar to Apache License but with the acknowledgment clause removed
org.jdom:jdom2:2.0.6

The Apache License, Version 2.0
com.fasterxml.woodstox:woodstox-core:6.2.6

The Apache Software License, Version 2.0
xml-apis:xml-apis:1.4.01
xerces:xercesImpl:2.12.1
com.fasterxml.jackson.core:jackson-core:2.12.3
io.reactivex.rxjava2:rxjava:2.1.1

The BSD License
org.codehaus.woodstox:stax2-api:4.2.1

Unicode/ICU License
com.ibm.icu:icu4j:69.1
---

Notes:

>From the "No license specified", I looked at either the actual pom.xml
files or the source repository, and determined the actual licenses are:

- APL 2.0
  - commons-io:commons-io:2.8.0
  - com.google.code.gson:gson:2.7
  - org.apache.commons:commons-lang3:3.6
  - xml-resolver:xml-resolver:1.2
- Eclipse Public License - v 1.0
  - com.microsoft.java:com.microsoft.java.debug.core:0.31.1
  - ch.qos.logback:logback-classic:1.2.3
  - ch.qos.logback:logback-core:1.2.3
- MIT
  - org.slf4j:slf4j-api:1.7.30

On Fri, Sep 17, 2021 at 4:45 PM Adam Rosien  wrote:

> I said I'd do it, but completely forgot! I'll get this out this weekend.
>
> .. Adam
>
> On Fri, Sep 17, 2021 at 3:24 PM Beckerle, Mike <
> mbecke...@owlcyberdefense.com> wrote:
>
>> I recall someone verifying the licenses on dependencies. I can't find
>> that message now.
>>
>> However, this must be a transitive verification, so there's quite a few.
>>
>> The build.sbt has only:
>>
>>   "ch.qos.logback" % "logback-classic" % "1.2.3",
>>   "com.microsoft.java" % "com.microsoft.java.debug.core" % "0.31.1",
>>   "co.fs2" %% "fs2-io" % "3.0.4",
>>   "com.monovore" %% "decline-effect" % "2.1.0",
>>   "org.typelevel" %% "log4cats-slf4j" % "2.1.0",
>>
>> for the typescript code, I see a bunch in package.json.
>>
>> Action Required: Can someone please verify the licenses of all the
>> dependencies transitively and send me the list?
>>
>> This is specifically what the IP Clearance checklist asks:
>>
>>   Check and make sure that all items depended upon by the
>>   project is covered by one or more of the following
>> approved
>>   licenses: Apache, BSD, Artistic, MIT/X, MIT/W3C, MPL
>> 1.1, or
>>   something with essentially the same terms.
>>
>> I'd like the list of what we checked to include it in the IP Clearance
>> checklist document.
>>
>> Note: there used to be a sbt plugin that pulled all the license files
>> recursively for sbt dependency chains. I recall we used, or attempted to
>> use, it for daffodil at one time.
>>
>>
>>
>>
No license specified
 Concurrent Technologies Corporation, Nteligen 
LLC:daffodil-debugger_2.12:0.0.15-18-g091ad23-SNAPSHOT
 commons-io:commons-io:2.8.0
 com.google.code.gson:gson:2.7
 com.microsoft.java:com.microsoft.java.debug.core:0.31.1
 ch.qos.logback:logback-classic:1.2.3
 org.apache.commons:commons-lang3:3.6
 xml-resolver:xml-resolver:1.2
 ch.qos.logback:logback-core:1.2.3
 org.slf4j:slf4j-api:1.7.30

Apache 2.0
 org.typelevel:simulacrum-scalafix-annotations_2.12:0.5.4

Apache License, Version 2.0
 org.apache.daffodil:daffodil-core_2.12:3.1.0
 org.apache.daffodil:daffodil-sapi_2.12:3.1.0
 

Re: verify licenses on dependencies for vscode debugger

[Adam Rosien]

I said I'd do it, but completely forgot! I'll get this out this weekend.

.. Adam

On Fri, Sep 17, 2021 at 3:24 PM Beckerle, Mike <
mbecke...@owlcyberdefense.com> wrote:

> I recall someone verifying the licenses on dependencies. I can't find that
> message now.
>
> However, this must be a transitive verification, so there's quite a few.
>
> The build.sbt has only:
>
>   "ch.qos.logback" % "logback-classic" % "1.2.3",
>   "com.microsoft.java" % "com.microsoft.java.debug.core" % "0.31.1",
>   "co.fs2" %% "fs2-io" % "3.0.4",
>   "com.monovore" %% "decline-effect" % "2.1.0",
>   "org.typelevel" %% "log4cats-slf4j" % "2.1.0",
>
> for the typescript code, I see a bunch in package.json.
>
> Action Required: Can someone please verify the licenses of all the
> dependencies transitively and send me the list?
>
> This is specifically what the IP Clearance checklist asks:
>
>   Check and make sure that all items depended upon by the
>   project is covered by one or more of the following
> approved
>   licenses: Apache, BSD, Artistic, MIT/X, MIT/W3C, MPL
> 1.1, or
>   something with essentially the same terms.
>
> I'd like the list of what we checked to include it in the IP Clearance
> checklist document.
>
> Note: there used to be a sbt plugin that pulled all the license files
> recursively for sbt dependency chains. I recall we used, or attempted to
> use, it for daffodil at one time.
>
>
>
>

verify licenses on dependencies for vscode debugger

[Beckerle, Mike]

I recall someone verifying the licenses on dependencies. I can't find that 
message now.

However, this must be a transitive verification, so there's quite a few.

The build.sbt has only:

  "ch.qos.logback" % "logback-classic" % "1.2.3",
  "com.microsoft.java" % "com.microsoft.java.debug.core" % "0.31.1",
  "co.fs2" %% "fs2-io" % "3.0.4",
  "com.monovore" %% "decline-effect" % "2.1.0",
  "org.typelevel" %% "log4cats-slf4j" % "2.1.0",

for the typescript code, I see a bunch in package.json.

Action Required: Can someone please verify the licenses of all the dependencies 
transitively and send me the list?

This is specifically what the IP Clearance checklist asks:

  Check and make sure that all items depended upon by the
  project is covered by one or more of the following approved
  licenses: Apache, BSD, Artistic, MIT/X, MIT/W3C, MPL 1.1, or
  something with essentially the same terms.

I'd like the list of what we checked to include it in the IP Clearance 
checklist document.

Note: there used to be a sbt plugin that pulled all the license files 
recursively for sbt dependency chains. I recall we used, or attempted to use, 
it for daffodil at one time.