ode-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oliver Kopp <kopp....@gmail.com>
Subject Sources of dependencies
Date Wed, 18 Oct 2017 10:49:14 GMT

We are going to use Apache ODE in a project with involvement of
industry partners. There, we are obliged to proof all (transitive)
dependencies ODE uses, in order to guarantee that all of them apply to
the Apache License Version 2.0. Unfortunately, we were not able to
(automatically) retrieve/find the source code for 15 of the 83
dependencies (from Maven Central) which are packaged into the final
ODE WAR distribution and therefore cannot check what licenses these
dependencies REALLY have:

    1.  annogen:annogen:jar:sources:0.1.0

    2.  org.apache.derby:derby:jar:sources:

    3.  org.apache.derby:derbytools:jar:sources:

    4.  tranql:tranql-connector:jar:sources:1.1

    5.  org.apache.geronimo.specs:geronimo-j2ee-connector_1.5_spec:jar:sources:1.0

    6.  org.apache.velocity:velocity:jar:sources:1.5

    7.  net.sourceforge.serp:serp:jar:sources:1.13.1

    8.  org.jibx:jibx-run:jar:sources:1.2.1

    9.  commons-primitives:commons-primitives:jar:sources:1.0

    10. geronimo-spec:geronimo-spec-jms:jar:sources:1.1-rc4

    11. org.apache.santuario:xmlsec:jar:sources:1.4.6

    12. org.apache.xmlbeans:xmlbeans:jar:sources:2.6.0

    13. org.opensaml:opensaml1:jar:sources:1.1

    14. org.apache.axis2:axis2-transports:jar:sources:1.0-i6

    15. stax:stax-api:jar:sources:1.0.1

The question is, if someone of the ODE team already has transitively
checked all related licenses of the used dependencies when open
sourcing Apache ODE so that we can rely on your checks?

Otherwise, would it be potentially possible that someone can provide
us the source code for all dependencies bundled within the WAR
distribution of Apache ODE so that we can check them?



View raw message