Nah sorry, I think I was not clear enough: What I was talking about: IF a lot more artifacts would have an explicit <license> section in their poms, then it would be easier for tools (e.g. apache-rat and the maven-dependency-plugin) to check those dependencies and list/evaluate em.
By asking the user for the licenses (a numbered bullet list like we have in the archetype plugin + an option for a free string entry) we could possibly heavily increase the amount of artifacts with a <license> section. This would certainly take some time, but after 1 year, this should really take off. Another way would be to parse for META-INF/Manifest info and LICENSE files inside the artifacts and propagate it to the poms. But this is rather delicate to handle... I know this is not directly solving your current problem, but it could help to preventing us from getting this problem in the future. LieGrue, strub --- On Sun, 6/12/11, Benson Margulies <bimargul...@gmail.com> wrote: > From: Benson Margulies <bimargul...@gmail.com> > Subject: Re: [REDUX] Java Service Wrappers (JSW) unfortunate license change > To: "Maven Developers List" <dev@maven.apache.org> > Date: Sunday, June 12, 2011, 3:40 PM > There's no such thing as a > 'retroactive license change', though > perhaps the Tanuki-person has managed a sufficient > approximation. Is > there? > > Once upon a time, he/they released some version of JSW > under a > friendly licence, and it pushed to central. The grant of > that license > to that version is effectively irrevocable. Subsequent > versions may > have different licenses, and the author might have removed > the old > version -- though if it was really licensed with a > permissive license > some other person could put it back. > > > On Sun, Jun 12, 2011 at 11:32 AM, Mark Struberg <strub...@yahoo.de> > wrote: > > just an idea: what about extending the > maven-release-plugin to ask for a license if the pom > doesn't contain a <license> section? > > > > LieGrue, > > strub > > > > --- On Sun, 6/12/11, Robert Burrell Donkin <robertburrelldon...@gmail.com> > wrote: > > > >> From: Robert Burrell Donkin <robertburrelldon...@gmail.com> > >> Subject: [REDUX] Java Service Wrappers (JSW) > unfortunate license change > >> To: "Maven Developers List" <dev@maven.apache.org> > >> Date: Sunday, June 12, 2011, 3:26 PM > >> (This is continuation of a thread > >> from 2008[1]. It's now impacting the > >> release of Apache James 3. If the topic is too far > OT > >> please shout ;-) > >> > >> > >> The JSW artifacts in Maven Central [2] now seem to > lack a > >> public > >> license (in other words, a unilateral license > allowing the > >> public to > >> distribute and download the artifact) > >> > >> AFACT (please jump in if there's anything I've > missed or > >> misunderstood) to fix this particular problem the > community > >> needs to > >> * Remove JSW runtime dependency from appassembler > >> * Remove the artifact from maven central > >> * Fork the source and release replacement > artifacts with > >> clean IP > >> * Cut a new appassembler release > >> > >> My computer time is limited ATM so if any help > would be > >> really appreciated... > >> > >> > >> > >> In this brave new world of retroactive license > changes, > >> this is a good > >> example of an important problem. The licenses > issued by the > >> original > >> authority for an artifact may change over time, > and the > >> license which > >> a downstream consumer of that artifact may rely > upon may no > >> longer be > >> issued by the upstream authority for that > artifact. This > >> allows > >> bait-and-switch tactics by upstream producers. To > avoid > >> potential > >> issues in the future for downstream users and > those > >> operating Maven > >> central, I think the Maven community needs to > start > >> thinking about > >> this problem now. > >> > >> > >> More specifically, reliable write-license > meta-data in the > >> repository > >> could be used to verify at release time that the > >> dependencies have > >> licenses that satisfy some sort of policy. This is > the sort > >> of fits > >> with Rat but Rat has stalled in the Incubator > since > >> there's no > >> obvious way home after graduation. My recovery > continues > >> but my > >> computer time is still limited. Suggestions, > opinions, > >> ideas and > >> offers for help welcomed. > >> > >> (Out of time) > >> > >> Robert > >> > >> [1] http://www.mail-archive.com/dev@maven.apache.org/msg74005.html > >> [2] > >> http://search.maven.org/#search|gav|1|g%3A%22tanukisoft%22%20AND%20a%3A%22wrapper-delta-pack%22 > >> > >> > --------------------------------------------------------------------- > >> To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org > >> For additional commands, e-mail: dev-h...@maven.apache.org > >> > >> > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org > > For additional commands, e-mail: dev-h...@maven.apache.org > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org > For additional commands, e-mail: dev-h...@maven.apache.org > > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
