All the dependencies that we have, must have a license that is compatible with ASL 2. I don't know of any way to compile a list of licenses used, that would be cool for a maven plugin.
musachy On Tue, Mar 3, 2009 at 9:32 AM, <stanl...@gmail.com> wrote: > How does a company go about fleshing out the aspects of FOSS without wasting > so many people's time? As FOSS gains in popularity, we are sinking in a > quagmire of manual research, analysis and legal license inspections. It > seems the FOSSology product will unpack compressed files and sniff around > for licenses while on the other side of the planet we have Maven > repositories that understand version dependencies -- but there is a void in > bring them together! > > In an attempt to follow a concrete day-in-the-job, let us consider > struts2.1.6 and let's further suppose that we plan to take advantage of all > the downstream dependencies it offers (i.e. optionals). > > > 1. Is there a version specific dependency tree mechanically available? > - Will subsequent versions eventually appear in the same > location.format? > 2. What technique to use in determining the stack of licenses gleaned > from this tree? > > I see developers struggling to bring together the jars necessary to do a > build, which is time consuming and expensive. I see a legal team in the > other building struggling to ascertain our risk, should this "stack" be > implemented. > > P.S. Does anyone here have first hand experience with FOSSology? > > Peace, > Scott > -- "Hey you! Would you help me to carry the stone?" Pink Floyd --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org