[
https://issues.apache.org/jira/browse/MJAVADOC-669?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Thorsten Glaser updated MJAVADOC-669:
-------------------------------------
Description:
A javadoc JAR generated by the Maven Javadoc Plugin 3.2.0 contains multiple
components under the MIT licence:
* jQuery 3.5.1
** {{jquery/external/jquery/jquery.js}}
** {{jquery/jquery-3.5.1.js}} (duplicate of the above, blowing up the PKZIP
archive size of the JAR, why is it included like this?)
* JSZip 3.2.1
** {{jquery/jszip/dist/jszip.js}}
** {{jquery/jszip-utils/dist/jszip-utils-ie.js}}
** {{jquery/jszip-utils/dist/jszip-utils.js}}{{}}
* jQuery UI 1.12.1
** {{jquery/jquery-ui.css}}
** {{jquery/jquery-ui.js}}
** {{jquery/jquery-ui.structure.css}}
* and their respective minified versions
It also contains {{script.js}} and {{search.js}} which are
GPLv2-with-Classpath-exception-licenced and refer to “as provided by Oracle in
the LICENSE file that accompanied this code” but no such file accompanies said
code.
There are also multiple static {{resources}} and {{jquery/images}} whose
licence is not documented.
The MIT licence specifically *requires* that “The […] copyright notice and this
permission notice [the licence body] shall be included in all copies or
substantial portions of the Software.” The distribution PKZIP archives (JAR
files) created by the Maven Javadoc Plugin violate this licence, making them
not redistributable.
Similarily, the GPLv2 used by the Oracle-provided files *requires* that
redistributors “give any other recipients of the Program a copy of this License
along with the Program.” The “if not, write to the Free Software Foundation”
comment is specifically *not sufficient* for this and only provided as fallback
should distributors violate this clause, as Maven Javadoc Plugin-generated
PKZIP archives do. To be effective, the Classpath exception must also be
provided.
h2. Suggested fix
Include the following new files:
* {{jquery/LICENCE}} containing the MIT licence and all respective copyright
notices for the various jQuery-related projects (including those _they_
include, i.e. Sizzle, widget.js, position.js, keycode.js, unique-id.js,
widgets/autocomplete.js, widgets/menu.js, pako, and possibly others)
* {{js/LICENSE}} (creating a new subdirectory) containing the Classpath
exception as provided by Oracle
* {{COPYING}} or {{js/COPYING}} (this being the customary name for this file)
containing the verbatim text of the GNU GPL version 2
* Ideally, add a top-level {{LICENCE}} file pointing out those three and
briefly documenting the licence of all other nōn-generated files and state all
other files are generated from the original project and share its licence
was:
A javadoc JAR generated by the Maven Javadoc Plugin 3.2.0 contains multiple
components under the MIT licence:
* jQuery 3.5.1
** {{jquery/external/jquery/jquery.js}}
** {{jquery/jquery-3.5.1.js}} (duplicate of the above, blowing up the PKZIP
archive size of the JAR, why is it included like this?)
* JSZip 3.2.1
** {{jquery/jszip/dist/jszip.js}}
** {{jquery/jszip-utils/dist/jszip-utils-ie.js}}
** {{jquery/jszip-utils/dist/jszip-utils.js}}{{}}
* jQuery UI 1.12.1
** {{jquery/jquery-ui.css}}
** {{jquery/jquery-ui.js}}
** {{jquery/jquery-ui.structure.css}}
* and their respective minified versions
It also contains {{script.js}} and {{search.js}} which are
GPLv2-with-Classpath-exception-licenced and refer to “as provided by Oracle in
the LICENSE file that accompanied this code” but no such file accompanies said
code.
There are also multiple static {{resources}} and {{jquery/images}} whose
licence is not documented.
The MIT licence specifically *requires* that “The […] copyright notice and this
permission notice [the licence body] shall be included in all copies or
substantial portions of the Software.” The distribution PKZIP archives (JAR
files) created by the Maven Javadoc Plugin violate this licence, making them
not redistributable.
Similarily, the GPLv2 used by the Oracle-provided files *requires* that
redistributors “give any other recipients of the Program a copy of this License
along with the Program.” The “if not, write to the Free Software Foundation”
comment is specifically *not sufficient* for this and only provided as fallback
should distributors violate this clause, as Maven Javadoc Plugin-generated
PKZIP archives do. To be effective, the Classpath exception must also be
provided.
h2. Suggested fix
Include the following new files:
* {{jquery/LICENCE}} containing the MIT licence and all respective copyright
notices for the various jQuery-related projects (including those _they_
include, i.e. Sizzle, widget.js, position.js, keycode.js, unique-id.js,
widgets/autocomplete.js, widgets/menu.js, pako, and possibly others)
* {{js/LICENSE}} (creating a new subdirectory) containing the Classpath
exception as provided by Oracle
* {{COPYING}} or {{js/COPYING}} (this being the customary name for this file)
containing the verbatim text of the GNU GPL version 2
> Generated javadoc JARs contain jQuery and other MIT-licenced works without
> reproducing a copy of the MIT licence, same for GPL-licenced works
> ---------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: MJAVADOC-669
> URL: https://issues.apache.org/jira/browse/MJAVADOC-669
> Project: Maven Javadoc Plugin
> Issue Type: Bug
> Components: javadoc
> Affects Versions: 3.2.0
> Reporter: Thorsten Glaser
> Priority: Blocker
> Labels: legal, licensing
>
> A javadoc JAR generated by the Maven Javadoc Plugin 3.2.0 contains multiple
> components under the MIT licence:
> * jQuery 3.5.1
> ** {{jquery/external/jquery/jquery.js}}
> ** {{jquery/jquery-3.5.1.js}} (duplicate of the above, blowing up the PKZIP
> archive size of the JAR, why is it included like this?)
> * JSZip 3.2.1
> ** {{jquery/jszip/dist/jszip.js}}
> ** {{jquery/jszip-utils/dist/jszip-utils-ie.js}}
> ** {{jquery/jszip-utils/dist/jszip-utils.js}}{{}}
> * jQuery UI 1.12.1
> ** {{jquery/jquery-ui.css}}
> ** {{jquery/jquery-ui.js}}
> ** {{jquery/jquery-ui.structure.css}}
> * and their respective minified versions
> It also contains {{script.js}} and {{search.js}} which are
> GPLv2-with-Classpath-exception-licenced and refer to “as provided by Oracle
> in the LICENSE file that accompanied this code” but no such file accompanies
> said code.
> There are also multiple static {{resources}} and {{jquery/images}} whose
> licence is not documented.
> The MIT licence specifically *requires* that “The […] copyright notice and
> this permission notice [the licence body] shall be included in all copies or
> substantial portions of the Software.” The distribution PKZIP archives (JAR
> files) created by the Maven Javadoc Plugin violate this licence, making them
> not redistributable.
> Similarily, the GPLv2 used by the Oracle-provided files *requires* that
> redistributors “give any other recipients of the Program a copy of this
> License along with the Program.” The “if not, write to the Free Software
> Foundation” comment is specifically *not sufficient* for this and only
> provided as fallback should distributors violate this clause, as Maven
> Javadoc Plugin-generated PKZIP archives do. To be effective, the Classpath
> exception must also be provided.
> h2. Suggested fix
> Include the following new files:
> * {{jquery/LICENCE}} containing the MIT licence and all respective copyright
> notices for the various jQuery-related projects (including those _they_
> include, i.e. Sizzle, widget.js, position.js, keycode.js, unique-id.js,
> widgets/autocomplete.js, widgets/menu.js, pako, and possibly others)
> * {{js/LICENSE}} (creating a new subdirectory) containing the Classpath
> exception as provided by Oracle
> * {{COPYING}} or {{js/COPYING}} (this being the customary name for this
> file) containing the verbatim text of the GNU GPL version 2
> * Ideally, add a top-level {{LICENCE}} file pointing out those three and
> briefly documenting the licence of all other nōn-generated files and state
> all other files are generated from the original project and share its licence
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
