Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [locationtech-pmc] GeoTrellis CQs
Hi Jim.

It's not quite that simple.

ClearlyDefined provides license data. We need to have some confidence that the license data is correct and that the licenses are compatible with the project license.

Per the handbook:

If third-party content is not known to IPZilla, then ClearlyDefined can be used. When an entry is known to ClearlyDefined and has a score of at least 75 and all discovered licenses are on the Eclipse Foundation’s approved licenses list, then the content can be used without further action.

As I look at this, I realize that it's not quite right. As you suggested, the effective license score is what we're most interested in, and both the declared and discovered licenses need to match. I'll update this. Note that we've discussed dropping the threshold. 

I'm new to SBT, but I think that this command feeds the Dash License Tool with the information that it needs to sort out what third party content needs further investigation.

[wayne@localhost geotrellis]$ ./sbt dependencyTree | grep -Poh "(?<=\+\-)[^:]+:[^:]+:[^:\s]+" | sort | uniq | java -jar /gitroot/dash/org.eclipse.dash.license/target/org.eclipse.dash.licenses-0.0.1-SNAPSHOT.jar -

The dependencyTree command seems to answer ranges on some dependencies, so that may require some further.

The tool finds 167 items that are good-to-go in ClearlyDefined (so that means at least a few fewer CQs).

GeoTools 23.2 will drop off the list when the corresponding CQ is resolved. I'm looking through the other hits identified by the tool to see if we can map them to existing CQs. In the meantime, if anything obvious jumps out at you as "we have a CQ for that", please let me know.

Wayne 

On Fri, Aug 14, 2020 at 5:13 PM Jim Hughes <jhughes@xxxxxxxx> wrote:

Hi Grigory,

Interesting... I haven't run into the issue that versions on ClearlyDefined.io are out-of-date, but I haven't used it much.

Yes, my understanding is that a library which is found in ClearlyDefined does not need a CQ.

Cheers,

Jim

On 8/14/2020 5:07 PM, Grigory Pomadchin wrote:
Thanks, Jim! 

Yep, i've tried that tool, but it looks like all versions are outdated there and I could not find any of the libraries from the list. Is there a way to keep that list up to date? 

Also, just to confirm, if there is a library found through ClearlyDefined.io it is possible to go without CQs?

Thanks,

Grigory

On Fri, Aug 14, 2020 at 5:01 PM Jim Hughes <jhughes@xxxxxxxx> wrote:

Hi Grisha,

+1 all around!

Have you seen the new rules around using ClearlyDefined.io? 

Cheers,

Jim

On 8/14/2020 1:10 PM, Grigory Pomadchin wrote:

Hi all,

I'd like to request PMC approval for the following GeoTrellis CQs:
Thanks in advance,

Grigory


_______________________________________________
locationtech-pmc mailing list
locationtech-pmc@xxxxxxxxxxx
To unsubscribe from this list, visit https://dev.eclipse.org/mailman/listinfo/locationtech-pmc
_______________________________________________
locationtech-pmc mailing list
locationtech-pmc@xxxxxxxxxxx
To unsubscribe from this list, visit https://dev.eclipse.org/mailman/listinfo/locationtech-pmc


--
Grigory Pomadchin
LinkedIn: http://www.linkedin.com/in/grpomadchin

_______________________________________________
locationtech-pmc mailing list
locationtech-pmc@xxxxxxxxxxx
To unsubscribe from this list, visit https://dev.eclipse.org/mailman/listinfo/locationtech-pmc
_______________________________________________
locationtech-pmc mailing list
locationtech-pmc@xxxxxxxxxxx
To unsubscribe from this list, visit https://dev.eclipse.org/mailman/listinfo/locationtech-pmc


--
The Eclipse Management Organization
Eclipse Foundation

Back to the top