[
https://issues.apache.org/jira/browse/MNG-6771?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16967284#comment-16967284
]
Enrico Olivelli commented on MNG-6771:
--------------------------------------
[~hboutemy]
Plexus problem is:
It links Apache 2 License with a wrong link that it is a page in ASF website
[http://www.apache.org/licenses/LICENSE-2.0]
the correct link should be [http://www.apache.org/licenses/LICENSE-2.0.txt]
otherwise with are ending in downloading an HTML page
{quote}
are these questions of effective vs pom.xml declared license the only issue
that remains for Maven 3.6.3 release?
{quote}
No, the real problem is to assembly the NOTICE file for binary distribution,
this task cannot be down automatically (AFAIK there is not 'Notice' link
information in pom.xml).
It will take time, as even MIT licensed projects declare that you must copy
their NOTICE disclaimer.
I am sorry, but I can work on it only during the weekend
> Fix license issues on binary distribution
> -----------------------------------------
>
> Key: MNG-6771
> URL: https://issues.apache.org/jira/browse/MNG-6771
> Project: Maven
> Issue Type: Bug
> Components: General
> Affects Versions: 3.6.2
> Reporter: Vladimir Sitnikov
> Assignee: Enrico Olivelli
> Priority: Major
> Labels: licenses
> Time Spent: 10m
> Remaining Estimate: 0h
>
> Please feel free to adjust the priority, however
> [http://www.apache.org/legal/release-policy.html#licensing] says that license
> clearance is a must, thus I report this as a Blocker.
> {quote}Every ASF release MUST comply with ASF licensing policy. This
> requirement is of utmost importance
> {quote}
> I downloaded apache-maven-3.6.2-bin.zip, and I see the following issues with
> it (note: there might be more):
> h2. 1) jcl-over-slf4j:1.7.25
> in apache-maven-3.6.2/LICENSE:
> {quote} - JCL 1.2 implemented over SLF4J
> ([http://www.slf4j.org|http://www.slf4j.org/])
> org.slf4j:jcl-over-slf4j:jar:1.7.25
> License: MIT License (MIT)
> [http://www.opensource.org/licenses/mit-license.php]
> (lib/jcl-over-slf4j.license){quote}
> The license for the artifact is most likely Apache 2.0 rather than MIT:
> [https://github.com/qos-ch/slf4j/tree/master/jcl-over-slf4j]
> h2. 2) slf4j-api:1.7.25
> in apache-maven-3.6.2/LICENSE:
> {quote} - SLF4J API Module ([http://www.slf4j.org|http://www.slf4j.org/])
> org.slf4j:slf4j-api:jar:1.7.25
> License: MIT License (MIT)
> [http://www.opensource.org/licenses/mit-license.php]
> (lib/slf4j-api.license){quote}
> Maven does not comply with SLF4j license.
> Here's license for SLF4j: [https://www.slf4j.org/license.html]
> It requires to include slf4j copyright notice, however, Maven fails to do
> that
> h2. 3) MIT license
> [http://www.opensource.org/licenses/mit-license.php] must not be used as it
> almost never points to a true license. It is extremely unlucky that someone
> would copyright their work as "Copyright (c) <year> <copyright holders>"
> h2. 4) org.eclipse.sisu.inject:0.3.3
> in apache-maven-3.6.2/LICENSE:
> {quote} - org.eclipse.sisu.inject
> ([http://www.eclipse.org/sisu/org.eclipse.sisu.inject/])
> org.eclipse.sisu:org.eclipse.sisu.inject:eclipse-plugin:0.3.3
> License: Eclipse Public License, Version 1.0 (EPL-1.0)
> [http://www.eclipse.org/legal/epl-v10.html]
> (lib/org.eclipse.sisu.inject.license){quote}
> The link to eclipse.org/sisu responds with 404.
> sisu might have their own copyright notices that should be retained, however
> Maven re-distributes none of them (org.eclipse.sisu.inject.site-0.3.3.zip has
> notice.html file which is not present in Maven re-distribution)
> h2. 5) ASM in org.eclipse.sisu.inject-0.3.3.jar
> lib/org.eclipse.sisu.inject-0.3.3.jar bundles ASM. ASM is MIT licensed, thus
> every re-distribution MUST retain ASM copyright notice.
> Maven re-distributes ASM and fails to comply with ASM license.
> h2. 6) jsoup in wagon-http-3.3.3-shaded.jar
> lib/wagon-http-3.3.3-shaded.jar bundles jsoup ([https://jsoup.org/license])
> which is MIT-licensed. Maven fails to comply with jsoup license.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
