...
When merging a pull request, it's important to verify whether new commits pull in any third-party
dependencies that are incompatible with ASF. To check whether the pull request contains invalid dependencies, issue
the following command in your terminal:
```
mvn license:aggregate-add-third-party
```
This generates a file, THIRD-PARTY.txt, in the directory target/generated-sources/license/ that lists the license for each Java file in the JAR. You can now grep the generated file for all licenses that are
not ASF-approved licenses.
```
egrep -iv "BSD|ASF|MIT|CDDL|EPL|Apache|Eclipse|Public Domain" target/generated-sources/license/THIRD-PARTY.txt
```
The above grep command does a case-insensitive search over all instances of THIRD-PARTY.txt in the project for licenses that are not in the list of approved Apache licenses.
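Because the egrep pattern matches keywords anywhere on a line, a groupId such as `org.apache...` or a word such as "Unlimited" (which contains "mit") can hide an entry whose license is not on the list. The following added example, which is not part of the original page or of any ASF tooling, applies the same keywords as whole words to the license field only. The entry layout `(License) Name (group:artifact:version - url)` and every sample entry are assumptions constructed for illustration.

```python
import re

KEYWORDS = r"BSD|ASF|MIT|CDDL|EPL|Apache|Eclipse|Public Domain"  # from the page's egrep
NAIVE = re.compile(KEYWORDS, re.I)                   # substring match on the whole line
APPROVED = re.compile(rf"\b(?:{KEYWORDS})\b", re.I)  # whole words, license field only

# Constructed sample; all names, coordinates and URLs are hypothetical.
SAMPLE = """
Lists of 5 third-party dependencies.
     (The Apache Software License, Version 2.0) Alpha (com.example:alpha:1.0 - https://example.invalid/alpha)
     (GNU General Public License, version 2) Foo Codec (org.apache.example:foo-codec:1.0 - https://example.invalid/foo)
     (Unlimited Proprietary License) Bar (com.example:bar:2.1 - https://example.invalid/bar)
     (Common Development and Distribution License (CDDL) v1.0) Baz API (com.example:baz-api:1.1 - https://example.invalid/baz)
     (Unknown license) Qux (com.example:qux:0.3 - no url defined)
""".splitlines()

def license_fields(line):
    """Return the leading parenthesised license names of one entry (nesting allowed)."""
    text = line.strip()
    fields, depth, start = [], 0, 0
    for i, ch in enumerate(text):
        if ch == "(":
            if depth == 0:
                start = i + 1
            depth += 1
        elif ch == ")" and depth > 0:
            depth -= 1
            if depth == 0:
                fields.append(text[start:i])
        elif depth == 0 and not ch.isspace():
            break  # reached the dependency name; the rest is not license text
    return fields

def naive_egrep(lines):
    """Mirror `egrep -iv` on whole lines (blank lines dropped for readability)."""
    return [l.strip() for l in lines if l.strip() and not NAIVE.search(l)]

def unapproved(lines):
    """Entries with any license field matching no keyword; dual-licensed entries
    with one unlisted license are flagged too, so a person can review them."""
    flagged = []
    for line in lines:
        fields = license_fields(line)
        if fields and not all(APPROVED.search(f) for f in fields):
            flagged.append(line.strip())
    return flagged

if __name__ == "__main__":
    print("egrep -iv shows:", *naive_egrep(SAMPLE), sep="\n  ")
    print("field check flags:", *unapproved(SAMPLE), sep="\n  ")
```

On the sample, the line-based filter prints only the header and the "Unknown license" entry, while the field check also flags the GPL and proprietary entries.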
How to do this:
http://stackoverflow.com/questions/3500388/finding-out-the-licenses-of-jar-libraries
The Maven "Project Info Reports" plugin produces a Dependencies report that includes the Licenses for the dependencies.
References:
http://www.apache.org/dev/publishing-maven-artifacts.html
...