Hi all,
today I was finally able to review and fix the various LICENSE and
NOTICE files in the master branch [1].
I had this task long overdue in my TODO list, because it seems that
we've been adding several dependencies to the various modules without
even think to keep LICENSE and NOTICE aligned.
As any decent software engineer, I was pretty much full of all JAR files
manual checking, so I've developed [2].
LNGenerator essentially does what I used to do manually:
1. after building Syncope, given a certain directory full of JAR files
(which can be WEB-INF/lib for a web artifact, or some other directory in
case of ZIP or Uber JAR files)
2. for all JAR files there, lookup into the local Maven repository
(~/.m2/repository) and empower Maven's M2GavCalculator to determine
groupId and artifactId
3. exclude all ASF dependencies
4. lookup into a local database of licenses / notices
5. append to LICENSE / NOTICE files
As a result, for all of Syncope artifacts requiring LICENSE / NOTICE
(standalone, installer, client/cli, deb/core, deb/console, deb/enduser)
I was able to generate such files reflecting the exact dependencies needed.
Most importantly, we can repeat this again skipping the painful process
of starting every time from scratch, for the future.
...and please, devs, when adding any dependency, do it carefully and
check transitive ;-)
Regards.
[1]
https://github.com/apache/syncope/commit/44b12506d5692ae7ddbb15e1b5af0b9816f92901
[2] https://github.com/ilgrosso/LNGenerator
[3] https://www.apache.org/dev/licensing-howto.html
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Involved at The Apache Software Foundation:
member, Syncope PMC chair, Cocoon PMC, Olingo PMC, CXF committer
http://home.apache.org/~ilgrosso/