Hello, as Vladimir reported in [1] we have problems of our binary distributions.
Short version of the story: - we are missing some entries in LICENSE, in my opinion we should cite every other ASLv2 licenced project that is not of property of ASF (like Plexus), but we are currently skipping them - we are not handling correctly some hidden (shaded/relocated) dependencies - some of our direct dependencies of Maven Core messed with their LICENSE, so the data that we can download automatically (from Maven central) is not consistent with other sources (websites for instance) Please follow up on JIRA for the detailed discussion about every single dependency. I have also started a branch for the fixes, but it is only a playground for me currently as we should decide how the LICENSE/NOTICE/.license files should look like before actually doing this. I have experience of this kind of discussions in Apache BookKeeper project and we came out with this doc [3] and a Pull request validation script that validates as much as possible those rules. I am tyring to understand our dependencies and our packaging of licensing material, in order to come with a complete proposal. Any thought or suggestion is very welcome ! Enrico [1] https://issues.apache.org/jira/browse/MNG-6771 [2] https://github.com/apache/maven/pull/297 [3] http://bookkeeper.apache.org/community/licensing/
