maven-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Struberg <strub...@yahoo.de>
Subject Re: [REDUX] Java Service Wrappers (JSW) unfortunate license change
Date Sun, 12 Jun 2011 15:32:37 GMT
just an idea: what about extending the maven-release-plugin to ask for a license  if the pom
doesn't contain a <license> section?

LieGrue,
strub

--- On Sun, 6/12/11, Robert Burrell Donkin <robertburrelldonkin@gmail.com> wrote:

> From: Robert Burrell Donkin <robertburrelldonkin@gmail.com>
> Subject: [REDUX] Java Service Wrappers (JSW) unfortunate license change
> To: "Maven Developers List" <dev@maven.apache.org>
> Date: Sunday, June 12, 2011, 3:26 PM
> (This is continuation of a thread
> from 2008[1]. It's now impacting the
> release of Apache James 3. If the topic is too far OT
> please shout ;-)
> 
> 
> The JSW artifacts in Maven Central [2] now seem to lack a
> public
> license (in other words, a unilateral license allowing the
> public to
> distribute and download the artifact)
> 
> AFACT (please jump in if there's anything I've missed or
> misunderstood) to fix this particular problem the community
> needs to
> * Remove JSW runtime dependency from appassembler
> * Remove the artifact from maven central
> * Fork the source and release replacement artifacts with
> clean IP
> * Cut a new appassembler release
> 
> My computer time is limited ATM so if any help would be
> really appreciated...
> 
> 
> 
> In this brave new world of retroactive license changes,
> this is a good
> example of an important problem. The licenses issued by the
> original
> authority for an artifact may change over time, and the
> license which
> a downstream consumer of that artifact may rely upon may no
> longer be
> issued by the upstream authority for that artifact. This
> allows
> bait-and-switch tactics by upstream producers. To avoid
> potential
> issues in the future for downstream users and those
> operating Maven
> central, I think the Maven community needs to start
> thinking about
> this problem now.
> 
> 
> More specifically, reliable write-license meta-data in the
> repository
> could be used to verify at release time that the
> dependencies have
> licenses that satisfy some sort of policy. This is the sort
> of fits
> with Rat  but Rat has stalled in the Incubator since
> there's no
> obvious way home after graduation. My recovery continues
> but my
> computer time is still limited. Suggestions, opinions,
> ideas and
> offers for help welcomed.
> 
> (Out of time)
> 
> Robert
> 
> [1] http://www.mail-archive.com/dev@maven.apache.org/msg74005.html
> [2] http://search.maven.org/#search|gav|1|g%3A%22tanukisoft%22%20AND%20a%3A%22wrapper-delta-pack%22
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
> For additional commands, e-mail: dev-help@maven.apache.org
> 
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org


Mime
View raw message