Skip to end of metadata
Go to start of metadata


See also Taverna Dependencies

Table of Contents:

License requirements

Third-party licenses need to be compatible with being distributed under Apache License 2.0.

Some licenses are already approved by Apache as compatible:

While other licenses are already marked as NOT compatible:

We should not be concerned about licensing for Taverna 2.x, as only Taverna 3.x would be released by the Apache Foundation. To ensure this, any Apache Taverna release should be screened for containing any Taverna 1 or 2 dependencies. (As we intend to change the groupId to org.apache.taverna.* this should be fairly easy to detect and even to add to the pom.xml as an automatic check).

Third party license analysis

The taverna-build project contains a script for finding third-party dependencies using the License Maven plugin. The results are split per license type, as seen in licenses/

There are two lists that need further considerations as part of the Incubation process:

gnu.txt - external GNU GPL and LGPL dependencies

unknown.txt - dependencies which license was not declared in their pom/jar

To see which modules pull in which dependency, see either the dependency-tree.txt or the list of dependencies per module.

GNU GPL/LGPL dependencies

As neither GPL or LGPL are compatible with an Apache release, these dependencies needs to be replaced, removed or externalized before a first Apache Taverna release.

For the updated list, see gnu.txt in the taverna-build project.

Suggest resolutions as of 2014-10-15:

Unknown licenses

unknown.txt contains a list of dependencies which have not had their license declared in the regular ways.

The Licensing Maven plugin includes a mechanism to declare such licenses manually, which we do in src/license/THIRD-PARTY.properties -

To find a license:

  • Use your Google skills
    • (Remember that license could have changed pr version)
  • Add to src/license/THIRD-PARTY.properties using same template:
    • groupid--artifactId–version=The Something License
  • Rerun licenses.sh
  • Check in / pull request the updated licenses/ folder

The list needs to be fully resolved, as there could be hiding additional LGPL dependencies in here.

The com.springsource.* JARs are SpringSource OSGi repackaging of other libraries, e.g. com.springsource.bsh is {{org.beanshell:bsh}} which is LGPL (already in list above)

 

List as of 2014-10-15 (see unknown.txt for updated list):

Apache?:

LGPL:

CDDL?:

BSD?:

Use Apache Incubator version of ODF Toolkit:

Remove/split out :

MIT license:

Sun Public License:

Eclipse Public License:

GPL:

 

Mozilla:

University of Illinois/NCSA Open Source License:

 

Other:

Unknown:

Labels
  • None