Hi,
I want to upgrade axis because of vulnerability issue,
Excellent
on maven central I see 83 dependencies.
Yup, that is a lot :-(
Does it mean I will need to submit CQ for each of those and their nested dependencies in order to create recipe for axis2 1.7.0?
I hope not. As the Eclipse Foundation moves to a new IP policies it is getting easier because if code is vetted already nothing more needs to be done. There is a command line tool to automatically check code that will help (
dash-licenses). The Orbit
readme has recently been updated to include:
It's important to ensure that the bundle you're adding has been approved for use in at least one other Eclipse project on IPZilla or ClearlyDefined. In the latter case, please ensure the license is compatible and that the license score is at least 75. See IP Prereq Diligence for further details.
And axis is collection of module, do I need to submit recipe for each module in axis?
I don't know the answer to this one. I suspect some knowledge of the axis project may be needed, so you may be in the best position. Hopefully others on the list can comment regarding similar cases in the past.
I hope to get some feedback to understand the scope of doing this.
I hope that helps and please do ask follow up questions.
Jonah
I see that few or some are already in the repository not sure of the version requirement.
Thanks,
ShiHeng
orbit-dev mailing list
orbit-dev@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/orbit-dev
