检查 licenses/notice 合规性

simon824 commented 8 months ago

对比 release-1.2.0 和 release-1.0.0 分支，known-dependencies.txt 文件的差异，找出新增和删除的依赖。（版本变更不属于新增或删除，可以跳过）
对于新增的依赖要做以下操作新增 license/notice，被删除的依赖则删除 license/notice。
1. 找到第三方依赖的仓库，将依赖的 license 文件放到 ./hugegraph-server/hugegraph-dist/release-docs/licenses/ 路径下。
2. 在./hugegraph-dist/release-docs/LICENSE 中声明该依赖的 LICENSE 信息。
3. 找到仓库里的 NOTICE 文件，将其追加到 ./hugegraph-server/hugegraph-dist/release-docs/NOTICE 文件后面（如果没有NOTICE文件则跳过这一步）。

例如：在项目中引入了第三方新依赖 -> ant-1.9.1.jar

项目源码位于：https://github.com/apache/ant/tree/rel/1.9.1
LICENSE 文件：https://github.com/apache/ant/blob/rel/1.9.1/LICENSE
NOTICE 文件：https://github.com/apache/ant/blob/rel/1.9.1/NOTICE

ant-1.9.1.jar` 的 license 信息需要在 LICENSE 文件中指定，notice 信息需要在 NOTICE 文件中指定。 ant-1.9.1.jar 对应的详细 LICENSE 文件需要复制到我们的 licenses/ 目录下。最后更新 known-dependencies.txt 文件。

在此处汇总依赖信息，附上依赖的license/notice链接，不同仓库之间的依赖可能重复，不用重复找。

1. hugegraph

2. hugegraph-toolchain

[ ] https://github.com/apache/incubator-hugegraph-toolchain/pull/561 @liuxiaocs7

3. hugegraph-computer

4. hugegraph-commons

4.1. 需要删除 license/notice 的依赖

hk2-api-3.0.1.jar
hk2-locator-3.0.1.jar
hk2-utils-3.0.1.jar
httpclient-4.5.13.jar
httpcore-4.4.13.jar
aopalliance-repackaged-3.0.1.jar
jakarta.annotation-api-2.0.0.jar
jakarta.inject-api-2.0.0.jar
jakarta.ws.rs-api-3.0.0.jar
jakarta.xml.bind-api-4.0.0-RC2.jar
javax.activation-api-1.2.0.jar
jaxb-api-2.3.1.jar
jersey-apache-connector-3.0.3.jar
jersey-client-3.0.3.jar
jersey-common-3.0.3.jar
jersey-entity-filtering-3.0.3.jar
jersey-hk2-3.0.3.jar
jersey-media-json-jackson-3.0.3.jar
osgi-resource-locator-1.0.3.jar

4.2. 需要增加 license/notice 的依赖

kotlin-stdlib-1.6.20.jar
kotlin-stdlib-common-1.5.31.jar
kotlin-stdlib-jdk7-1.6.10.jar
kotlin-stdlib-jdk8-1.6.10.jar
logging-interceptor-4.10.0.jar
lombok-1.18.8.jar
okhttp-4.10.0.jar
okio-jvm-3.0.0.jar

liuxiaocs7 commented 8 months ago

ToolChain:

release-1.0.0: https://github.com/apache/incubator-hugegraph-toolchain/blob/release-1.0.0/hugegraph-dist/scripts/dependency/known-dependencies.txt

release-1.2.0: https://github.com/apache/incubator-hugegraph-toolchain/blob/release-1.2.0/hugegraph-dist/scripts/dependency/known-dependencies.txt

needs to be added compared to release1.0.0:

annotations-13.0.jar
checker-qual-3.33.0.jar
commons-fileupload-1.5.jar
commons-io-2.8.0.jar
commons-net-3.9.0.jar
commons-text-1.10.0.jar
curator-framework-4.2.0.jar
error_prone_annotations-2.18.0.jar
gson-2.8.9.jar
guava-32.0.1-jre.jar
hadoop-client-3.3.1.jar
hadoop-hdfs-3.3.1.jar
hadoop-hdfs-client-3.3.1.jar
hadoop-mapreduce-client-common-3.3.1.jar
hadoop-mapreduce-client-core-3.3.1.jar
hadoop-mapreduce-client-jobclient-3.3.1.jar
hadoop-yarn-api-3.3.1.jar
hadoop-yarn-client-3.3.1.jar
hadoop-yarn-common-3.3.1.jar
j2objc-annotations-2.8.jar
jackson-datatype-jdk8-2.12.3.jar
jackson-datatype-jsr310-2.12.3.jar
jackson-jaxrs-base-2.12.3.jar
jackson-jaxrs-json-provider-2.12.3.jar
jackson-module-parameter-names-2.12.3.jar
javassist-3.25.0-GA.jar
javax.inject-2.5.0-b32.jar
javax.inject-2.5.0-b42.jar
jersey-container-servlet-core-2.25.1.jar
jersey-container-servlet-core-2.27.jar
jetty-client-9.4.40.v20210413.jar
jline-3.9.0.jar
jsr305-3.0.2.jar
kotlin-stdlib-1.6.20.jar
kotlin-stdlib-common-1.5.31.jar
kotlin-stdlib-jdk7-1.2.71.jar
kotlin-stdlib-jdk7-1.6.10.jar
kotlin-stdlib-jdk8-1.2.71.jar
kotlin-stdlib-jdk8-1.6.10.jar
logging-interceptor-4.10.0.jar
netty-3.10.6.Final.jar
netty-all-4.1.65.Final.jar
netty-buffer-4.1.65.Final.jar
netty-codec-4.1.65.Final.jar
netty-common-4.1.65.Final.jar
netty-handler-4.1.65.Final.jar
netty-resolver-4.1.65.Final.jar
netty-transport-4.1.65.Final.jar
netty-transport-native-epoll-4.1.65.Final.jar
netty-transport-native-unix-common-4.1.65.Final.jar
okhttp-4.10.0.jar
okio-jvm-3.0.0.jar
websocket-api-9.4.40.v20210413.jar
websocket-client-9.4.40.v20210413.jar
websocket-common-9.4.40.v20210413.jar

needs to be deleted compared to release1.0.0:

animal-sniffer-annotations-1.14.jar
aopalliance-repackaged-3.0.1.jar
checker-qual-2.0.0.jar
checker-qual-3.5.0.jar
commons-beanutils-1.9.3.jar
commons-cli-1.2.jar
commons-codec-1.11.jar
commons-codec-1.13.jar
commons-compress-1.4.1.jar
commons-fileupload-1.4.jar
commons-io-2.7.jar
commons-lang3-3.12.0.jar
commons-lang3-3.4.jar
commons-lang3-3.8.1.jar
commons-logging-1.1.1.jar
commons-math3-3.1.1.jar
commons-net-3.1.jar
commons-net-3.6.jar
commons-text-1.6.jar
commons-text-1.9.jar
curator-client-2.12.0.jar
curator-recipes-2.12.0.jar
error_prone_annotations-2.1.3.jar
error_prone_annotations-2.3.4.jar
gson-2.2.4.jar
gson-2.8.5.jar
guava-25.1-jre.jar
guava-30.0-jre.jar
hadoop-annotations-3.1.1.jar
hadoop-auth-3.1.1.jar
hadoop-client-3.1.1.jar
hadoop-common-3.1.1.jar
hadoop-hdfs-3.1.1.jar
hadoop-hdfs-client-2.10.1.jar
hadoop-hdfs-client-3.1.1.jar
hadoop-mapreduce-client-common-3.1.1.jar
hadoop-mapreduce-client-core-3.1.1.jar
hadoop-mapreduce-client-jobclient-3.1.1.jar
hadoop-yarn-api-3.1.1.jar
hadoop-yarn-client-3.1.1.jar
hadoop-yarn-common-3.1.1.jar
hamcrest-core-1.3.jar
hk2-api-3.0.1.jar
hk2-locator-3.0.1.jar
hk2-utils-3.0.1.jar
httpclient-4.5.2.jar
httpcore-4.4.4.jar
j2objc-annotations-1.1.jar
j2objc-annotations-1.3.jar
jackson-annotations-2.14.0-rc1.jar
jackson-annotations-2.7.0.jar
jackson-annotations-2.9.0.jar
jackson-core-2.14.0-rc1.jar
jackson-core-2.7.8.jar
jackson-core-2.9.9.jar
jackson-databind-2.14.0-rc1.jar
jackson-databind-2.7.8.jar
jackson-databind-2.9.9.3.jar
jackson-datatype-jdk8-2.9.9.jar
jackson-datatype-jsr310-2.9.9.jar
jackson-jaxrs-base-2.14.0-rc1.jar
jackson-jaxrs-base-2.9.9.jar
jackson-jaxrs-json-provider-2.14.0-rc1.jar
jackson-jaxrs-json-provider-2.7.8.jar
jackson-jaxrs-json-provider-2.9.9.jar
jackson-module-jaxb-annotations-2.14.0-rc1.jar
jackson-module-jaxb-annotations-2.7.8.jar
jackson-module-jaxb-annotations-2.9.9.jar
jackson-module-parameter-names-2.9.9.jar
jakarta.activation-api-1.2.2.jar
jakarta.activation-api-2.1.0-RC1.jar
jakarta.annotation-api-2.0.0.jar
jakarta.inject-api-2.0.0.jar
jakarta.validation-api-3.0.0.jar
jakarta.ws.rs-api-3.0.0.jar
jakarta.xml.bind-api-4.0.0-RC2.jar
jersey-apache-connector-3.0.3.jar
jersey-client-3.0.3.jar
jersey-common-3.0.3.jar
jersey-container-servlet-3.0.3.jar
jersey-container-servlet-core-3.0.3.jar
jersey-entity-filtering-3.0.3.jar
jersey-hk2-3.0.3.jar
jersey-media-json-jackson-3.0.3.jar
jersey-server-3.0.3.jar
jetty-http-9.3.19.v20170502.jar
jetty-io-9.3.19.v20170502.jar
jetty-security-9.3.19.v20170502.jar
jetty-server-9.3.19.v20170502.jar
jetty-servlet-9.3.19.v20170502.jar
jetty-util-9.3.19.v20170502.jar
jetty-util-ajax-9.3.19.v20170502.jar
jetty-webapp-9.3.19.v20170502.jar
jetty-xml-9.3.19.v20170502.jar
jline-0.9.94.jar
jsch-0.1.54.jar
junit-4.12.jar
junit-4.13.1.jar
log4j-api-2.11.2.jar
log4j-core-2.11.2.jar
log4j-slf4j-impl-2.11.2.jar
lz4-java-1.7.1.jar
metrics-core-4.0.6.jar
metrics-json-4.0.6.jar
metrics-jvm-4.0.6.jar
netty-3.10.5.Final.jar
netty-all-4.0.52.Final.jar
netty-buffer-4.1.39.Final.jar
netty-common-4.1.39.Final.jar
nimbus-jose-jwt-4.41.1.jar
okhttp-2.7.5.jar
okio-1.6.0.jar
osgi-resource-locator-1.0.3.jar
snappy-java-1.0.5.jar
stax2-api-3.1.4.jar
xz-1.0.jar
zookeeper-3.4.10.jar
zookeeper-3.4.9.jar

zhenyuT commented 8 months ago

hugegraph-commons: https://github.com/apache/incubator-hugegraph-commons/pull/139

add licence: okhttp、jakarta.activation remove licence: jersey、jakarta.xml.bind-api、jakarta.activation、jakarta.annotation-api

SunnyBoy-WYH commented 8 months ago

Server add/remove license,:https://github.com/apache/incubator-hugegraph/pull/2391

but no notice check ,so we need somebody check notice

diaohancai commented 8 months ago

computer:

needs to be added compared to release1.0.0:

+bcprov-jdk18on-1.74.jar
+javax.inject-2.5.0-b32.jar
+kotlin-stdlib-1.6.20.jar
+kotlin-stdlib-common-1.5.31.jar
+kotlin-stdlib-common-1.6.20.jar
+kotlin-stdlib-jdk7-1.6.10.jar
+kotlin-stdlib-jdk7-1.6.20.jar
+kotlin-stdlib-jdk8-1.6.10.jar
+kotlin-stdlib-jdk8-1.6.20.jar
+okio-jvm-3.0.0.jar
+okio-jvm-3.2.0.jar
+simple-xml-safe-2.7.1.jar

needs to be removed compared to release1.0.0:

-aopalliance-repackaged-3.0.1.jar
-computer-algorithm-1.0.0.jar
-computer-api-1.0.0.jar
-computer-core-1.0.0.jar
-computer-dist-1.0.0.jar
-computer-driver-1.0.0.jar
-computer-k8s-1.0.0.jar
-computer-k8s-operator-1.0.0.jar
-computer-yarn-1.0.0.jar
-failureaccess-1.0.jar
-hk2-api-3.0.1.jar
-hk2-locator-3.0.1.jar
-hk2-utils-3.0.1.jar
-httpclient-4.5.13.jar
-httpcore-4.4.13.jar
-jakarta.annotation-api-2.0.0.jar
-jakarta.inject-api-2.0.0.jar
-jakarta.validation-api-3.0.0.jar
-jakarta.ws.rs-api-3.0.0.jar
-jakarta.xml.bind-api-4.0.0-RC2.jar
-javax.activation-api-1.2.0.jar
-jaxb-api-2.3.1.jar
-jersey-apache-connector-3.0.3.jar
-jersey-client-3.0.3.jar
-jersey-common-3.0.3.jar
-jersey-container-servlet-3.0.3.jar
-jersey-entity-filtering-3.0.3.jar
-jersey-hk2-3.0.3.jar
-jersey-media-json-jackson-3.0.3.jar
-jersey-server-3.0.3.jar
-mockwebserver-3.12.6.jar
-osgi-resource-locator-1.0.3.jar

PR: https://github.com/apache/incubator-hugegraph-computer/pull/299

hugegraph / actions