Justin Mclean
This needs some updates to comply with https://incubator.apache.org/guides/distribution.html#docker. Do you need some help with this?
Please read the document I created yesterday on how to do this. In general, dependencies that don't end up in what we release don't need to be mentioned. However, I...
As previously discussed, it does include caniuse-lite. It doesn't matter that it is a deep nested dependency, its license is not compatible with the Apache license as it is considered...
There are over 350 packages that end up in the WebUI.
It is considered Category X (i.e. can't be included) if it is not in binary form. Being JS/JSON it's not in binary form. Any non-commercial license will not be able...
But the restriction goes further than just including it, it can't be a dependency as it places conditions above what the Apache license allows. The options we have are: -...
I did check all production dependencies, not dev ones, and caniuse-lite is a production dependency. It might be possible that it gets removed, as you say. It's hard to tell,...
Note that the output from `npm list` above only included the top-level dependencies; you need to use `npm list --depth 3` to see caniuse-lite. Or more correctly `npm list...
Dependencies of dependencies matter with ASF policy. Excluding a dependency from a release artifact doesn't solve the issue. What package manager is used is irrelevant as long as the dependency...
Do you have a suggestion on how to resolve this in line with ASF release and licensing policies?