Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

检查 licenses/notice 合规性 #6

Open
1 task
simon824 opened this issue Dec 15, 2023 · 4 comments
Open
1 task

检查 licenses/notice 合规性 #6

simon824 opened this issue Dec 15, 2023 · 4 comments

Comments

@simon824
Copy link
Member

simon824 commented Dec 15, 2023
edited
Loading

  1. 对比 release-1.2.0 和 release-1.0.0 分支,known-dependencies.txt 文件的差异,找出新增和删除的依赖。(版本变更不属于新增或删除,可以跳过)
  2. 对于新增的依赖要做以下操作新增 license/notice,被删除的依赖则删除 license/notice。
    1. 找到第三方依赖的仓库,将依赖的 license 文件放到 ./hugegraph-server/hugegraph-dist/release-docs/licenses/ 路径下。
    2. ./hugegraph-dist/release-docs/LICENSE 中声明该依赖的 LICENSE 信息。
    3. 找到仓库里的 NOTICE 文件,将其追加到 ./hugegraph-server/hugegraph-dist/release-docs/NOTICE 文件后面(如果没有NOTICE文件则跳过这一步)。

例如:在项目中引入了第三方新依赖 -> ant-1.9.1.jar

ant-1.9.1.jar` 的 license 信息需要在 LICENSE 文件中指定,notice 信息需要在 NOTICE 文件中指定。 ant-1.9.1.jar 对应的详细 LICENSE 文件需要复制到我们的 licenses/ 目录下。最后更新 known-dependencies.txt 文件。

在此处汇总依赖信息,附上依赖的license/notice链接,不同仓库之间的依赖可能重复,不用重复找。

1. hugegraph

2. hugegraph-toolchain

3. hugegraph-computer

4. hugegraph-commons

4.1. 需要删除 license/notice 的依赖

hk2-api-3.0.1.jar
hk2-locator-3.0.1.jar
hk2-utils-3.0.1.jar
httpclient-4.5.13.jar
httpcore-4.4.13.jar
aopalliance-repackaged-3.0.1.jar
jakarta.annotation-api-2.0.0.jar
jakarta.inject-api-2.0.0.jar
jakarta.ws.rs-api-3.0.0.jar
jakarta.xml.bind-api-4.0.0-RC2.jar
javax.activation-api-1.2.0.jar
jaxb-api-2.3.1.jar
jersey-apache-connector-3.0.3.jar
jersey-client-3.0.3.jar
jersey-common-3.0.3.jar
jersey-entity-filtering-3.0.3.jar
jersey-hk2-3.0.3.jar
jersey-media-json-jackson-3.0.3.jar
osgi-resource-locator-1.0.3.jar

4.2. 需要增加 license/notice 的依赖

kotlin-stdlib-1.6.20.jar
kotlin-stdlib-common-1.5.31.jar
kotlin-stdlib-jdk7-1.6.10.jar
kotlin-stdlib-jdk8-1.6.10.jar
logging-interceptor-4.10.0.jar
lombok-1.18.8.jar
okhttp-4.10.0.jar
okio-jvm-3.0.0.jar
@liuxiaocs7
Copy link

liuxiaocs7 commented Dec 15, 2023
edited
Loading

ToolChain:

release-1.0.0: https://github.com/apache/incubator-hugegraph-toolchain/blob/release-1.0.0/hugegraph-dist/scripts/dependency/known-dependencies.txt

release-1.2.0: https://github.com/apache/incubator-hugegraph-toolchain/blob/release-1.2.0/hugegraph-dist/scripts/dependency/known-dependencies.txt

needs to be added compared to release1.0.0:

annotations-13.0.jar
checker-qual-3.33.0.jar
commons-fileupload-1.5.jar
commons-io-2.8.0.jar
commons-net-3.9.0.jar
commons-text-1.10.0.jar
curator-framework-4.2.0.jar
error_prone_annotations-2.18.0.jar
gson-2.8.9.jar
guava-32.0.1-jre.jar
hadoop-client-3.3.1.jar
hadoop-hdfs-3.3.1.jar
hadoop-hdfs-client-3.3.1.jar
hadoop-mapreduce-client-common-3.3.1.jar
hadoop-mapreduce-client-core-3.3.1.jar
hadoop-mapreduce-client-jobclient-3.3.1.jar
hadoop-yarn-api-3.3.1.jar
hadoop-yarn-client-3.3.1.jar
hadoop-yarn-common-3.3.1.jar
j2objc-annotations-2.8.jar
jackson-datatype-jdk8-2.12.3.jar
jackson-datatype-jsr310-2.12.3.jar
jackson-jaxrs-base-2.12.3.jar
jackson-jaxrs-json-provider-2.12.3.jar
jackson-module-parameter-names-2.12.3.jar
javassist-3.25.0-GA.jar
javax.inject-2.5.0-b32.jar
javax.inject-2.5.0-b42.jar
jersey-container-servlet-core-2.25.1.jar
jersey-container-servlet-core-2.27.jar
jetty-client-9.4.40.v20210413.jar
jline-3.9.0.jar
jsr305-3.0.2.jar
kotlin-stdlib-1.6.20.jar
kotlin-stdlib-common-1.5.31.jar
kotlin-stdlib-jdk7-1.2.71.jar
kotlin-stdlib-jdk7-1.6.10.jar
kotlin-stdlib-jdk8-1.2.71.jar
kotlin-stdlib-jdk8-1.6.10.jar
logging-interceptor-4.10.0.jar
netty-3.10.6.Final.jar
netty-all-4.1.65.Final.jar
netty-buffer-4.1.65.Final.jar
netty-codec-4.1.65.Final.jar
netty-common-4.1.65.Final.jar
netty-handler-4.1.65.Final.jar
netty-resolver-4.1.65.Final.jar
netty-transport-4.1.65.Final.jar
netty-transport-native-epoll-4.1.65.Final.jar
netty-transport-native-unix-common-4.1.65.Final.jar
okhttp-4.10.0.jar
okio-jvm-3.0.0.jar
websocket-api-9.4.40.v20210413.jar
websocket-client-9.4.40.v20210413.jar
websocket-common-9.4.40.v20210413.jar

needs to be deleted compared to release1.0.0:

animal-sniffer-annotations-1.14.jar
aopalliance-repackaged-3.0.1.jar
checker-qual-2.0.0.jar
checker-qual-3.5.0.jar
commons-beanutils-1.9.3.jar
commons-cli-1.2.jar
commons-codec-1.11.jar
commons-codec-1.13.jar
commons-compress-1.4.1.jar
commons-fileupload-1.4.jar
commons-io-2.7.jar
commons-lang3-3.12.0.jar
commons-lang3-3.4.jar
commons-lang3-3.8.1.jar
commons-logging-1.1.1.jar
commons-math3-3.1.1.jar
commons-net-3.1.jar
commons-net-3.6.jar
commons-text-1.6.jar
commons-text-1.9.jar
curator-client-2.12.0.jar
curator-recipes-2.12.0.jar
error_prone_annotations-2.1.3.jar
error_prone_annotations-2.3.4.jar
gson-2.2.4.jar
gson-2.8.5.jar
guava-25.1-jre.jar
guava-30.0-jre.jar
hadoop-annotations-3.1.1.jar
hadoop-auth-3.1.1.jar
hadoop-client-3.1.1.jar
hadoop-common-3.1.1.jar
hadoop-hdfs-3.1.1.jar
hadoop-hdfs-client-2.10.1.jar
hadoop-hdfs-client-3.1.1.jar
hadoop-mapreduce-client-common-3.1.1.jar
hadoop-mapreduce-client-core-3.1.1.jar
hadoop-mapreduce-client-jobclient-3.1.1.jar
hadoop-yarn-api-3.1.1.jar
hadoop-yarn-client-3.1.1.jar
hadoop-yarn-common-3.1.1.jar
hamcrest-core-1.3.jar
hk2-api-3.0.1.jar
hk2-locator-3.0.1.jar
hk2-utils-3.0.1.jar
httpclient-4.5.2.jar
httpcore-4.4.4.jar
j2objc-annotations-1.1.jar
j2objc-annotations-1.3.jar
jackson-annotations-2.14.0-rc1.jar
jackson-annotations-2.7.0.jar
jackson-annotations-2.9.0.jar
jackson-core-2.14.0-rc1.jar
jackson-core-2.7.8.jar
jackson-core-2.9.9.jar
jackson-databind-2.14.0-rc1.jar
jackson-databind-2.7.8.jar
jackson-databind-2.9.9.3.jar
jackson-datatype-jdk8-2.9.9.jar
jackson-datatype-jsr310-2.9.9.jar
jackson-jaxrs-base-2.14.0-rc1.jar
jackson-jaxrs-base-2.9.9.jar
jackson-jaxrs-json-provider-2.14.0-rc1.jar
jackson-jaxrs-json-provider-2.7.8.jar
jackson-jaxrs-json-provider-2.9.9.jar
jackson-module-jaxb-annotations-2.14.0-rc1.jar
jackson-module-jaxb-annotations-2.7.8.jar
jackson-module-jaxb-annotations-2.9.9.jar
jackson-module-parameter-names-2.9.9.jar
jakarta.activation-api-1.2.2.jar
jakarta.activation-api-2.1.0-RC1.jar
jakarta.annotation-api-2.0.0.jar
jakarta.inject-api-2.0.0.jar
jakarta.validation-api-3.0.0.jar
jakarta.ws.rs-api-3.0.0.jar
jakarta.xml.bind-api-4.0.0-RC2.jar
jersey-apache-connector-3.0.3.jar
jersey-client-3.0.3.jar
jersey-common-3.0.3.jar
jersey-container-servlet-3.0.3.jar
jersey-container-servlet-core-3.0.3.jar
jersey-entity-filtering-3.0.3.jar
jersey-hk2-3.0.3.jar
jersey-media-json-jackson-3.0.3.jar
jersey-server-3.0.3.jar
jetty-http-9.3.19.v20170502.jar
jetty-io-9.3.19.v20170502.jar
jetty-security-9.3.19.v20170502.jar
jetty-server-9.3.19.v20170502.jar
jetty-servlet-9.3.19.v20170502.jar
jetty-util-9.3.19.v20170502.jar
jetty-util-ajax-9.3.19.v20170502.jar
jetty-webapp-9.3.19.v20170502.jar
jetty-xml-9.3.19.v20170502.jar
jline-0.9.94.jar
jsch-0.1.54.jar
junit-4.12.jar
junit-4.13.1.jar
log4j-api-2.11.2.jar
log4j-core-2.11.2.jar
log4j-slf4j-impl-2.11.2.jar
lz4-java-1.7.1.jar
metrics-core-4.0.6.jar
metrics-json-4.0.6.jar
metrics-jvm-4.0.6.jar
netty-3.10.5.Final.jar
netty-all-4.0.52.Final.jar
netty-buffer-4.1.39.Final.jar
netty-common-4.1.39.Final.jar
nimbus-jose-jwt-4.41.1.jar
okhttp-2.7.5.jar
okio-1.6.0.jar
osgi-resource-locator-1.0.3.jar
snappy-java-1.0.5.jar
stax2-api-3.1.4.jar
xz-1.0.jar
zookeeper-3.4.10.jar
zookeeper-3.4.9.jar

@liuxiaocs7 liuxiaocs7 mentioned this issue Dec 15, 2023
Merged
11 tasks
@zhenyuT
Copy link

zhenyuT commented Dec 16, 2023

hugegraph-commons:
apache/incubator-hugegraph-commons#139

add licence: okhttp、jakarta.activation
remove licence: jersey、jakarta.xml.bind-api、jakarta.activation、jakarta.annotation-api

@SunnyBoy-WYH SunnyBoy-WYH mentioned this issue Dec 16, 2023
Merged
11 tasks
@SunnyBoy-WYH
Copy link

Server add/remove license,:apache/incubator-hugegraph#2391

but no notice check ,so we need somebody check notice

@diaohancai
Copy link

diaohancai commented Dec 18, 2023
edited
Loading

computer:

needs to be added compared to release1.0.0:

+bcprov-jdk18on-1.74.jar
+javax.inject-2.5.0-b32.jar
+kotlin-stdlib-1.6.20.jar
+kotlin-stdlib-common-1.5.31.jar
+kotlin-stdlib-common-1.6.20.jar
+kotlin-stdlib-jdk7-1.6.10.jar
+kotlin-stdlib-jdk7-1.6.20.jar
+kotlin-stdlib-jdk8-1.6.10.jar
+kotlin-stdlib-jdk8-1.6.20.jar
+okio-jvm-3.0.0.jar
+okio-jvm-3.2.0.jar
+simple-xml-safe-2.7.1.jar

needs to be removed compared to release1.0.0:

-aopalliance-repackaged-3.0.1.jar
-computer-algorithm-1.0.0.jar
-computer-api-1.0.0.jar
-computer-core-1.0.0.jar
-computer-dist-1.0.0.jar
-computer-driver-1.0.0.jar
-computer-k8s-1.0.0.jar
-computer-k8s-operator-1.0.0.jar
-computer-yarn-1.0.0.jar
-failureaccess-1.0.jar
-hk2-api-3.0.1.jar
-hk2-locator-3.0.1.jar
-hk2-utils-3.0.1.jar
-httpclient-4.5.13.jar
-httpcore-4.4.13.jar
-jakarta.annotation-api-2.0.0.jar
-jakarta.inject-api-2.0.0.jar
-jakarta.validation-api-3.0.0.jar
-jakarta.ws.rs-api-3.0.0.jar
-jakarta.xml.bind-api-4.0.0-RC2.jar
-javax.activation-api-1.2.0.jar
-jaxb-api-2.3.1.jar
-jersey-apache-connector-3.0.3.jar
-jersey-client-3.0.3.jar
-jersey-common-3.0.3.jar
-jersey-container-servlet-3.0.3.jar
-jersey-entity-filtering-3.0.3.jar
-jersey-hk2-3.0.3.jar
-jersey-media-json-jackson-3.0.3.jar
-jersey-server-3.0.3.jar
-mockwebserver-3.12.6.jar
-osgi-resource-locator-1.0.3.jar

PR: apache/incubator-hugegraph-computer#299

@diaohancai diaohancai mentioned this issue Dec 18, 2023
Merged
11 tasks
@VGalaxies VGalaxies mentioned this issue Jun 7, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@zhenyuT @simon824 @diaohancai @liuxiaocs7 @SunnyBoy-WYH