(This is continuation of a thread from 2008[1]. It's now impacting the release of Apache James 3. If the topic is too far OT please shout ;-)
The JSW artifacts in Maven Central [2] now seem to lack a public license (in other words, a unilateral license allowing the public to distribute and download the artifact) AFACT (please jump in if there's anything I've missed or misunderstood) to fix this particular problem the community needs to * Remove JSW runtime dependency from appassembler * Remove the artifact from maven central * Fork the source and release replacement artifacts with clean IP * Cut a new appassembler release My computer time is limited ATM so if any help would be really appreciated... In this brave new world of retroactive license changes, this is a good example of an important problem. The licenses issued by the original authority for an artifact may change over time, and the license which a downstream consumer of that artifact may rely upon may no longer be issued by the upstream authority for that artifact. This allows bait-and-switch tactics by upstream producers. To avoid potential issues in the future for downstream users and those operating Maven central, I think the Maven community needs to start thinking about this problem now. More specifically, reliable write-license meta-data in the repository could be used to verify at release time that the dependencies have licenses that satisfy some sort of policy. This is the sort of fits with Rat but Rat has stalled in the Incubator since there's no obvious way home after graduation. My recovery continues but my computer time is still limited. Suggestions, opinions, ideas and offers for help welcomed. (Out of time) Robert [1] http://www.mail-archive.com/dev@maven.apache.org/msg74005.html [2] http://search.maven.org/#search|gav|1|g%3A%22tanukisoft%22%20AND%20a%3A%22wrapper-delta-pack%22 --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
