maven-dev mailing list archives

From Mark Struberg <strub...@yahoo.de>
Subject Re: [REDUX] Java Service Wrappers (JSW) unfortunate license change
Date Sun, 12 Jun 2011 16:01:04 GMT
Nah sorry, I think I was not clear enough:

What I was talking about: IF a lot more artifacts would have an explicit <license> section
in their poms, then it would be easier for tools (e.g. apache-rat and the maven-dependency-plugin)
to check those dependencies and list/evaluate em.

By asking the user for the licenses (a numbered bullet list like we have in the archetype
plugin + an option for a free string entry) we could possibly heavily increase the amount
of artifacts with a <license> section. This would certainly take some time, but after
1 year, this should really take off.

Another way would be to parse for META-INF/Manifest info and LICENSE files inside the artifacts
and propagate it to the poms. But this is rather delicate to handle...

I know this is not directly solving your current problem, but it could help to prevent
us from getting this problem in the future.

LieGrue,
strub


--- On Sun, 6/12/11, Benson Margulies <bimargulies@gmail.com> wrote:

> From: Benson Margulies <bimargulies@gmail.com>
> Subject: Re: [REDUX] Java Service Wrappers (JSW) unfortunate license change
> To: "Maven Developers List" <dev@maven.apache.org>
> Date: Sunday, June 12, 2011, 3:40 PM
> There's no such thing as a 'retroactive license change', though
> perhaps the Tanuki-person has managed a sufficient approximation. Is
> there?
> 
> Once upon a time, he/they released some version of JSW under a
> friendly licence, and it pushed to central. The grant of that license
> to that version is effectively irrevocable. Subsequent versions may
> have different licenses, and the author might have removed the old
> version -- though if it was really licensed with a permissive license
> some other person could put it back.
> 
> 
> On Sun, Jun 12, 2011 at 11:32 AM, Mark Struberg <struberg@yahoo.de> wrote:
> > just an idea: what about extending the maven-release-plugin to ask for a
> > license if the pom doesn't contain a <license> section?
> >
> > LieGrue,
> > strub
> >
> > --- On Sun, 6/12/11, Robert Burrell Donkin <robertburrelldonkin@gmail.com> wrote:
> >
> >> From: Robert Burrell Donkin <robertburrelldonkin@gmail.com>
> >> Subject: [REDUX] Java Service Wrappers (JSW) unfortunate license change
> >> To: "Maven Developers List" <dev@maven.apache.org>
> >> Date: Sunday, June 12, 2011, 3:26 PM
> >> (This is a continuation of a thread from 2008[1]. It's now impacting the
> >> release of Apache James 3. If the topic is too far OT please shout ;-)
> >>
> >> The JSW artifacts in Maven Central [2] now seem to lack a public
> >> license (in other words, a unilateral license allowing the public to
> >> distribute and download the artifact)
> >>
> >> AFAICT (please jump in if there's anything I've missed or
> >> misunderstood) to fix this particular problem the community needs to
> >> * Remove JSW runtime dependency from appassembler
> >> * Remove the artifact from maven central
> >> * Fork the source and release replacement artifacts with clean IP
> >> * Cut a new appassembler release
> >>
> >> My computer time is limited ATM so any help would be
> >> really appreciated...
> >>
> >> In this brave new world of retroactive license changes, this is a good
> >> example of an important problem. The licenses issued by the original
> >> authority for an artifact may change over time, and the license which
> >> a downstream consumer of that artifact may rely upon may no longer be
> >> issued by the upstream authority for that artifact. This allows
> >> bait-and-switch tactics by upstream producers. To avoid potential
> >> issues in the future for downstream users and those operating Maven
> >> central, I think the Maven community needs to start thinking about
> >> this problem now.
> >>
> >> More specifically, reliable write-license meta-data in the repository
> >> could be used to verify at release time that the dependencies have
> >> licenses that satisfy some sort of policy. This sort of fits
> >> with Rat but Rat has stalled in the Incubator since there's no
> >> obvious way home after graduation. My recovery continues but my
> >> computer time is still limited. Suggestions, opinions, ideas and
> >> offers for help welcomed.
> >>
> >> (Out of time)
> >>
> >> Robert
> >>
> >> [1] http://www.mail-archive.com/dev@maven.apache.org/msg74005.html
> >> [2] http://search.maven.org/#search|gav|1|g%3A%22tanukisoft%22%20AND%20a%3A%22wrapper-delta-pack%22
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
> >> For additional commands, e-mail: dev-help@maven.apache.org

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
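
The release-time check discussed in this thread (read each dependency's `<licenses>` section from its pom and evaluate it against a policy), sketched as an added example; it is not code from the thread, apache-rat, or any Maven plugin. The allowlist, the sample POMs and the rule that every declared license must be allowed are assumptions, and licenses inherited from a parent pom are not resolved.

```python
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}
# Assumed policy for this example: licence names a release may depend on.
ALLOWED = {"apache license, version 2.0", "mit license"}

# Constructed sample POMs keyed by groupId:artifactId:version (not real artifacts).
POMS = {
    "com.example:friendly:1.0": """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <licenses><license><name>Apache License, Version 2.0</name></license></licenses>
</project>""",
    "com.example:silent:2.0": """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
</project>""",
    "com.example:switched:3.0": """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <licenses><license><name>Example Commercial License</name></license></licenses>
</project>""",
    # Older poms sometimes omit the namespace declaration.
    "com.example:legacy:0.9": """<project>
  <licenses><license><name>MIT License</name></license></licenses>
</project>""",
}

def declared_licenses(pom_xml):
    """Return the license names a pom declares for itself (no parent lookup)."""
    if "<!DOCTYPE" in pom_xml:
        # Poms come from third parties; refuse DTDs rather than expand entities.
        raise ValueError("DOCTYPE not allowed in a pom")
    root = ET.fromstring(pom_xml)
    names = (root.findall("m:licenses/m:license/m:name", NS)
             or root.findall("licenses/license/name"))
    return [n.text.strip() for n in names if n.text and n.text.strip()]

def evaluate(pom_xml):
    """MISSING: no license metadata; DENIED: a name outside policy; else OK."""
    names = declared_licenses(pom_xml)
    if not names:
        return "MISSING"
    # Assumption: strict policy, every declared license must be on the allowlist.
    return "OK" if all(n.lower() in ALLOWED for n in names) else "DENIED"

def audit(poms):
    return {gav: evaluate(xml) for gav, xml in poms.items()}

if __name__ == "__main__":
    for gav, verdict in audit(POMS).items():
        print(f"{verdict:8} {gav}")
```

Because the verdict is keyed by exact version, a later release that changes or drops its license shows up as a new `DENIED` or `MISSING` entry instead of silently replacing the earlier one.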

