ode-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oliver Kopp <kopp....@gmail.com>
Subject Re: Sources of dependencies
Date Wed, 18 Oct 2017 13:43:31 GMT
Hi Sathwik,

Thank you for your answer.

> As of Apache ODE source code distribution, we don't ship any third-party
> dependent source along with it nor do we take their source and compile it
> ourself. We only use third-party library in it's binary form and it's
> binary license will be shipped with the ODE binary distribution.

Sure. We understand that Apache has a different OSS process than we have.

In Eclipse terms, as far as I understood, Apache is doing "Type A" (a
license certification for all dependencies). We aim for a Type B Due
Diligence, which additionally provides certification, provenance
check, and code scan for various sorts of anomalies. For that code
scan, we need the source of all dependencies. - For details on type A
and B Wayne has some words:
https://waynebeaton.wordpress.com/2017/01/12/license-certification-due-diligence/

Cheers,

Oliver

Mime
View raw message