If delivering a Java application which uses Gradle dependency management and a lot of open source libs from Maven Central, is it sufficient to check the licenses of the first-level dependencies (because their dependencies again must automatically be compatible with their license), or do I have to check the entire transitive dependency tree to see if I have a problem with any of the licenses?
2 Answers
4
You should check the entire tree. Since you'll need the transitive dependencies at runtime, you are going to pack them together in one way or another (war/zip/uber-jar), so you do care about their licenses.

JBaruch
Thanks, yeah, I thought so. – user1573546 Oct 31 '15 at 11:33
0
If transitive dependency B is under a copyleft license, then your direct dependency should honor this license. Checking all the transitive dependencies is not maintainable and could easily break your project. I believe you are obligated to comply with the licenses of your direct dependencies and your direct dependencies with theirs and so on.