maven-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Karl Heinz Marbaise <>
Subject RFC: Maven License Verifier Plugin
Date Wed, 03 Feb 2010 23:15:07 GMT
Hi there,

i have started with implementing some parts of a new Maven Plugin.

The Maven License Verifier Plugin (MLV for short).

I would present you the idea of the plugin and would like to know if 
someone has some suggestions, idea's, comments etc.

The basic idea is to check every dependency which is used (incl. 
transitive dependencies) of a build (during a mvn ..) and see if all 
artifacts have licenses which are based on the policy (of a company 
etc.) are allowed ...that's often a point in companies...Some companies 
says only allowed is the Apache License (for example)...

The Plugin will use a configuration file which defines different 
categories of Licenses 

The default configuration will not break a build it will just warn about 
artifacts which don't have a license defined or which in a particular 
category (WARN, INVALID or none of them).

About what I'm unsure about is where to define the license.xml file (or 
multiple of them):

Option 1:
Use a particular folder: src/main/licenses/ and put one or more files in 
there which will be automatically be loaded.

Option 2:
Give a single or multiple locations for license.xml files in the 
configuration section for the plugin.

Option 3:
Use an URL to define where to download the license.xml file or may be 
multiple URL's. This could be usefull in Companies to have central 
location where maintain such files which can be used for every project 
in a company...(May be it's possible to store that in a repository 
manager like Nexus ?)

Option 4:
Use an Artifact which can be created and stored into a Maven repository ?

Of course the plugin is configurable in that way to brake the build if 
you do ...(e.g. failOnWarning like ?)...

The other question is how to behave in a reactor build (Multi Module build):
   - Just have a single Configuration (e.g. in Root) and put the 
configuration file(s) there (not sure how to handle this technically)...

And what is needed as well is to be able to exclude particular artifacts 
from being checked (<excludes>...<exclude>.....).. (I have to check how 
to implement this but this is an other question)...

Kind regards
Karl Heinz Marbaise
SoftwareEntwicklung Beratung Schulung    Tel.: +49 (0) 2405 / 415 893
Dipl.Ing.(FH) Karl Heinz Marbaise        ICQ#: 135949029
Hauptstrasse 177                         USt.IdNr: DE191347579
52146 W├╝rselen                 

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message