[
https://issues.apache.org/jira/browse/MJAVADOC-669?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17268764#comment-17268764
]
Thorsten Glaser commented on MJAVADOC-669:
------------------------------------------
Thanks.
I checked 8u, and we’re probably fine there, only a rather trivial javascript
file without explicit notices. (And a CSS file, but…)
> Generated javadoc JARs contain jQuery and other MIT-licenced works without
> reproducing a copy of the MIT licence, same for GPL-licenced works
> ---------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: MJAVADOC-669
> URL: https://issues.apache.org/jira/browse/MJAVADOC-669
> Project: Maven Javadoc Plugin
> Issue Type: Bug
> Components: javadoc
> Affects Versions: 3.2.0
> Reporter: Thorsten Glaser
> Priority: Blocker
> Labels: legal, licensing
>
> A javadoc JAR generated by the Maven Javadoc Plugin 3.2.0 contains multiple
> components under the MIT licence:
> * jQuery 3.5.1
> ** {{jquery/external/jquery/jquery.js}}
> ** {{jquery/jquery-3.5.1.js}} (duplicate of the above, blowing up the PKZIP
> archive size of the JAR, why is it included like this?)
> * JSZip 3.2.1
> ** {{jquery/jszip/dist/jszip.js}}
> ** {{jquery/jszip-utils/dist/jszip-utils-ie.js}}
> ** {{jquery/jszip-utils/dist/jszip-utils.js}}
> * jQuery UI 1.12.1
> ** {{jquery/jquery-ui.css}}
> ** {{jquery/jquery-ui.js}}
> ** {{jquery/jquery-ui.structure.css}}
> * and their respective minified versions
> It also contains {{script.js}} and {{search.js}} which are
> GPLv2-with-Classpath-exception-licenced and refer to “as provided by Oracle
> in the LICENSE file that accompanied this code” but no such file accompanies
> said code.
> There are also multiple static {{resources}} and {{jquery/images}} whose
> licence is not documented.
> The MIT licence specifically *requires* that “The […] copyright notice and
> this permission notice [the licence body] shall be included in all copies or
> substantial portions of the Software.” The distribution PKZIP archives (JAR
> files) created by the Maven Javadoc Plugin violate this licence, making them
> not redistributable.
> Similarily, the GPLv2 used by the Oracle-provided files *requires* that
> redistributors “give any other recipients of the Program a copy of this
> License along with the Program.” The “if not, write to the Free Software
> Foundation” comment is specifically *not sufficient* for this and only
> provided as fallback should distributors violate this clause, as Maven
> Javadoc Plugin-generated PKZIP archives do. To be effective, the Classpath
> exception must also be provided.
> h2. Suggested fix
> Include the following new files:
> * {{jquery/LICENCE}} containing the MIT licence and all respective copyright
> notices for the various jQuery-related projects (including those _they_
> include, i.e. Sizzle, widget.js, position.js, keycode.js, unique-id.js,
> widgets/autocomplete.js, widgets/menu.js, pako, and possibly others)
> * {{js/LICENSE}} (creating a new subdirectory) containing the Classpath
> exception as provided by Oracle
> * {{COPYING}} or {{js/COPYING}} (this being the customary name for this
> file) containing the verbatim text of the GNU GPL version 2
> * Ideally, add a top-level {{LICENCE}} file pointing out those three and
> briefly documenting the licence of all other non-generated files and state
> all other files are generated from the original project and share its licence
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
