From issues-return-156220-archive-asf-public=cust-asf.ponee.io@maven.apache.org Mon Nov 25 08:00:11 2019 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [207.244.88.153]) by mx-eu-01.ponee.io (Postfix) with SMTP id AAFF3180607 for ; Mon, 25 Nov 2019 09:00:10 +0100 (CET) Received: (qmail 41753 invoked by uid 500); 25 Nov 2019 08:00:05 -0000 Mailing-List: contact issues-help@maven.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@maven.apache.org Delivered-To: mailing list issues@maven.apache.org Received: (qmail 41318 invoked by uid 99); 25 Nov 2019 08:00:04 -0000 Received: from mailrelay1-us-west.apache.org (HELO mailrelay1-us-west.apache.org) (209.188.14.139) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 25 Nov 2019 08:00:04 +0000 Received: from jira-he-de.apache.org (static.172.67.40.188.clients.your-server.de [188.40.67.172]) by mailrelay1-us-west.apache.org (ASF Mail Server at mailrelay1-us-west.apache.org) with ESMTP id E5F79E30BD for ; Mon, 25 Nov 2019 08:00:03 +0000 (UTC) Received: from jira-he-de.apache.org (localhost.localdomain [127.0.0.1]) by jira-he-de.apache.org (ASF Mail Server at jira-he-de.apache.org) with ESMTP id 8A51D7822C5 for ; Mon, 25 Nov 2019 08:00:01 +0000 (UTC) Date: Mon, 25 Nov 2019 08:00:01 +0000 (UTC) From: "Hudson (Jira)" To: issues@maven.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (MNG-6771) Fix license issues on binary distribution MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/MNG-6771?page=3Dcom.atlassian.j= ira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=3D169813= 61#comment-16981361 ]=20 Hudson commented on MNG-6771: ----------------------------- Build unstable in Jenkins: Maven TLP =C2=BB maven =C2=BB MNG-6656 #23 See https://builds.apache.org/job/maven-box/job/maven/job/MNG-6656/23/ > Fix license issues on binary distribution > ----------------------------------------- > > Key: MNG-6771 > URL: https://issues.apache.org/jira/browse/MNG-6771 > Project: Maven > Issue Type: Bug > Components: General > Affects Versions: 3.6.2 > Reporter: Vladimir Sitnikov > Assignee: Enrico Olivelli > Priority: Major > Labels: licenses > Fix For: 3.6.3 > > Time Spent: 20m > Remaining Estimate: 0h > > Please feel free to adjust the priority, however=C2=A0[http://www.apache.= org/legal/release-policy.html#licensing]=C2=A0says that=C2=A0license cleara= nce is a must, thus I report this as a Blocker. > {quote}Every ASF release MUST comply with ASF licensing policy. This requ= irement is of utmost importance > {quote} > I downloaded apache-maven-3.6.2-bin.zip, and I see the following issues w= ith it (note: there might be more): > h2. 1) jcl-over-slf4j:1.7.25 > in apache-maven-3.6.2/LICENSE: > {quote} - JCL 1.2 implemented over SLF4J ([http://www.slf4j.org|http://ww= w.slf4j.org/]) org.slf4j:jcl-over-slf4j:jar:1.7.25 > License: MIT License (MIT) [http://www.opensource.org/licenses/mit-licen= se.php] (lib/jcl-over-slf4j.license){quote} > The license for the artifact is most likely Apache 2.0 rather than MIT: [= https://github.com/qos-ch/slf4j/tree/master/jcl-over-slf4j] > h2. 2) slf4j-api:1.7.25 > in apache-maven-3.6.2/LICENSE: > {quote} - SLF4J API Module ([http://www.slf4j.org|http://www.slf4j.org/])= org.slf4j:slf4j-api:jar:1.7.25 > License: MIT License (MIT) [http://www.opensource.org/licenses/mit-licen= se.php] (lib/slf4j-api.license){quote} > Maven does not comply with SLF4j license. > Here's license for SLF4j: [https://www.slf4j.org/license.html] > It requires to include slf4j copyright notice, however, Maven fails to d= o that > h2. 3)=C2=A0MIT license > [http://www.opensource.org/licenses/mit-license.php]=C2=A0must not be use= d as it almost never points to a true license. It is extremely unlucky that= someone would copyright their work as "Copyright (c) " > h2. 4) org.eclipse.sisu.inject:0.3.3 > in apache-maven-3.6.2/LICENSE: > {quote} - org.eclipse.sisu.inject ([http://www.eclipse.org/sisu/org.eclip= se.sisu.inject/]) org.eclipse.sisu:org.eclipse.sisu.inject:eclipse-plugin:0= .3.3 > License: Eclipse Public License, Version 1.0 (EPL-1.0) [http://www.eclip= se.org/legal/epl-v10.html] (lib/org.eclipse.sisu.inject.license){quote} > The link to eclipse.org/sisu responds with 404. > sisu might have their own copyright notices that should be retained, howe= ver Maven re-distributes none of them (org.eclipse.sisu.inject.site-0.3.3.z= ip has notice.html file which is not present in Maven re-distribution) > h2. 5) ASM in org.eclipse.sisu.inject-0.3.3.jar > lib/org.eclipse.sisu.inject-0.3.3.jar bundles ASM. ASM is MIT licensed, t= hus every re-distribution MUST retain ASM copyright notice. > Maven re-distributes ASM and fails to comply with ASM license. > h2. 6) jsoup in wagon-http-3.3.3-shaded.jar > lib/wagon-http-3.3.3-shaded.jar bundles jsoup ([https://jsoup.org/license= ]) which is MIT-licensed. Maven fails to comply with jsoup license. -- This message was sent by Atlassian Jira (v8.3.4#803005)