maven-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Anders Hammar <>
Subject Re: RFC: Maven License Verifier Plugin
Date Thu, 04 Feb 2010 07:23:57 GMT
Maybe have a look how the assembly plugin works with descriptors? Having
pre-defined configs that can be referenced by id/name could be handy.
However, I'm not sure if using a URL to download the descriptor/config is a
good idea. I'm thinking that that could be misused by linking to configs
outside your environment that change or can't sometimes be downloaded.

I would start simple and then add new possibilities. What would be very
nice, is if you implement this in modules so that the functionality can be
used by other types of plugins as well, such as a Nexus plugin to verify
this centrally in a repo manager. But I guess you could re-factor that later


On Thu, Feb 4, 2010 at 00:15, Karl Heinz Marbaise <> wrote:

> Hi there,
> i have started with implementing some parts of a new Maven Plugin.
> The Maven License Verifier Plugin (MLV for short).
> I would present you the idea of the plugin and would like to know if
> someone has some suggestions, idea's, comments etc.
> The basic idea is to check every dependency which is used (incl. transitive
> dependencies) of a build (during a mvn ..) and see if all artifacts have
> licenses which are based on the policy (of a company etc.) are allowed
> ...that's often a point in companies...Some companies says only allowed is
> the Apache License (for example)...
> The Plugin will use a configuration file which defines different categories
> of Licenses (
> The default configuration will not break a build it will just warn about
> artifacts which don't have a license defined or which in a particular
> category (WARN, INVALID or none of them).
> About what I'm unsure about is where to define the license.xml file (or
> multiple of them):
> Option 1:
> Use a particular folder: src/main/licenses/ and put one or more files in
> there which will be automatically be loaded.
> Option 2:
> Give a single or multiple locations for license.xml files in the
> configuration section for the plugin.
> Option 3:
> Use an URL to define where to download the license.xml file or may be
> multiple URL's. This could be usefull in Companies to have central location
> where maintain such files which can be used for every project in a
> company...(May be it's possible to store that in a repository manager like
> Nexus ?)
> Option 4:
> Use an Artifact which can be created and stored into a Maven repository ?
> Of course the plugin is configurable in that way to brake the build if you
> do ...(e.g. failOnWarning like ?)...
> The other question is how to behave in a reactor build (Multi Module
> build):
>  - Just have a single Configuration (e.g. in Root) and put the
> configuration file(s) there (not sure how to handle this technically)...
> And what is needed as well is to be able to exclude particular artifacts
> from being checked (<excludes>...<exclude>.....).. (I have to check how to
> implement this but this is an other question)...
> Kind regards
> Karl Heinz Marbaise
> --
> SoftwareEntwicklung Beratung Schulung    Tel.: +49 (0) 2405 / 415 893
> Dipl.Ing.(FH) Karl Heinz Marbaise        ICQ#: 135949029
> Hauptstrasse 177                         USt.IdNr: DE191347579
> 52146 W├╝rselen                 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message