Fix NOTICE and LICENSE in the gcp-bundle jar #12144
Conversation
|
@amogh-jahagirdar @rdblue @Fokko This is the update/fix for |
jbonofre
changed the title
gcp-bundle/LICENSE
Outdated
| @@ -325,24 +315,24 @@ License: The Apache Software License, Version 2.0 - http://www.apache.org/licens | |||
|
|
|||
There was a problem hiding this comment.
We need to suppress this and include the stephenc findbugs implementation instead. This one has licensing issues and the stephenc version was built to avoid them. That, or I think if this is only annotations, we can just exclude it. Annotations shouldn't be required at runtime if they are not used at runtime (and these are for compile time).
There was a problem hiding this comment.
Which one ? Not sure I follow you here 😄
There was a problem hiding this comment.
Findbugs (com.google.code.findbugs) I see some contents from META-INF but no actual classes in the bundle bits
0 Fri Feb 01 00:00:00 MST 1980 META-INF/maven/com.google.code.findbugs/
0 Fri Feb 01 00:00:00 MST 1980 META-INF/maven/com.google.code.findbugs/jsr305/
4286 Fri Feb 01 00:00:00 MST 1980 META-INF/maven/com.google.code.findbugs/jsr305/pom.xml
121 Fri Feb 01 00:00:00 MST 1980 META-INF/maven/com.google.code.findbugs/jsr305/pom.properties
I'd be +1 on excluding it.
There was a problem hiding this comment.
Yes, it's what I see as well, but as I still see resources from jsr305 (even if very limited), I preferred to keep it.
There was a problem hiding this comment.
Sure, since these are compile time could we just exclude the bundling of this dependency entirely in the building of the shadowjar? Then we could just remove it entirely from LICENSE.
exclude(dependency('com.google.code.findbugs:jsr305'))
There was a problem hiding this comment.
I agree. Let me clean it up. Even if gradle keeps pom it's not a problem.
There was a problem hiding this comment.
The license of findbugs was unclear because of a reference to LGPL (see findbugsproject/findbugs#128). The implementation we use elsewhere was built to avoid the problem: https://github.com/stephenc/findbugs-annotations?tab=readme-ov-file#rational
There was a problem hiding this comment.
@amogh-jahagirdar I removed the mention of jsr305.
@rdblue thanks for the details (LICENSE/NOTICE is a tricky work and often different view from everyone 😄 ). I removed jsr305 as it's excluded from the gcp-bundle jar.
jbonofre
force-pushed
the
notice-fix-gcp-bundle
branch
from
af1914d to
74805ce
Compare
github-actions
bot
added
API
spark
core
data
INFRA
docs
build
AWS
Specification
jbonofre
force-pushed
the
notice-fix-gcp-bundle
branch
from
dd65138 to
b06855b
Compare
jbonofre
force-pushed
the
notice-fix-gcp-bundle
branch
from
b06855b to
75e0be1
Compare
jbonofre
force-pushed
the
notice-fix-gcp-bundle
branch
from
75e0be1 to
4f837d7
Compare
jbonofre
force-pushed
the
notice-fix-gcp-bundle
branch
from
4f837d7 to
da79d81
Compare
|
@rdblue I think I addressed all comments. Can you please do a new pass ? Thanks ! |
Co-authored-by: Fokko Driesprong <[email protected]>
This change includes:
LICENSEandNOTICEopencensus-protofromLICENSEas not found in the runtime classpath and the jario.opentelemetry:*inLICENSEas the classes are in the jarNOTICENOTICEcontentNOTICEcontentNOTICEcontent