[jira] [Updated] (MNG-6771) Fix license issues on binary distribution

2019-11-15 Thread Robert Scholte (Jira) 


 [ 
https://issues.apache.org/jira/browse/MNG-6771?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Robert Scholte updated MNG-6771:

Fix Version/s: 3.6.3

> Fix license issues on binary distribution
> -
>
> Key: MNG-6771
> URL: https://issues.apache.org/jira/browse/MNG-6771
> Project: Maven
>  Issue Type: Bug
>  Components: General
>Affects Versions: 3.6.2
>Reporter: Vladimir Sitnikov
>Assignee: Enrico Olivelli
>Priority: Major
>  Labels: licenses
> Fix For: 3.6.3
>
>  Time Spent: 10m
>  Remaining Estimate: 0h
>
> Please feel free to adjust the priority, however 
> [http://www.apache.org/legal/release-policy.html#licensing] says that license 
> clearance is a must, thus I report this as a Blocker.
> {quote}Every ASF release MUST comply with ASF licensing policy. This 
> requirement is of utmost importance
> {quote}
> I downloaded apache-maven-3.6.2-bin.zip, and I see the following issues with 
> it (note: there might be more):
> h2. 1) jcl-over-slf4j:1.7.25
> in apache-maven-3.6.2/LICENSE:
> {quote} - JCL 1.2 implemented over SLF4J 
> ([http://www.slf4j.org|http://www.slf4j.org/]) 
> org.slf4j:jcl-over-slf4j:jar:1.7.25
>  License: MIT License (MIT) 
> [http://www.opensource.org/licenses/mit-license.php] 
> (lib/jcl-over-slf4j.license){quote}
> The license for the artifact is most likely Apache 2.0 rather than MIT: 
> [https://github.com/qos-ch/slf4j/tree/master/jcl-over-slf4j]
> h2. 2) slf4j-api:1.7.25
> in apache-maven-3.6.2/LICENSE:
> {quote} - SLF4J API Module ([http://www.slf4j.org|http://www.slf4j.org/]) 
> org.slf4j:slf4j-api:jar:1.7.25
>  License: MIT License (MIT) 
> [http://www.opensource.org/licenses/mit-license.php] 
> (lib/slf4j-api.license){quote}
> Maven does not comply with SLF4j license.
>  Here's license for SLF4j: [https://www.slf4j.org/license.html]
>  It requires to include slf4j copyright notice, however, Maven fails to do 
> that
> h2. 3) MIT license
> [http://www.opensource.org/licenses/mit-license.php] must not be used as it 
> almost never points to a true license. It is extremely unlucky that someone 
> would copyright their work as "Copyright (c)  "
> h2. 4) org.eclipse.sisu.inject:0.3.3
> in apache-maven-3.6.2/LICENSE:
> {quote} - org.eclipse.sisu.inject 
> ([http://www.eclipse.org/sisu/org.eclipse.sisu.inject/]) 
> org.eclipse.sisu:org.eclipse.sisu.inject:eclipse-plugin:0.3.3
>  License: Eclipse Public License, Version 1.0 (EPL-1.0) 
> [http://www.eclipse.org/legal/epl-v10.html] 
> (lib/org.eclipse.sisu.inject.license){quote}
> The link to eclipse.org/sisu responds with 404.
> sisu might have their own copyright notices that should be retained, however 
> Maven re-distributes none of them (org.eclipse.sisu.inject.site-0.3.3.zip has 
> notice.html file which is not present in Maven re-distribution)
> h2. 5) ASM in org.eclipse.sisu.inject-0.3.3.jar
> lib/org.eclipse.sisu.inject-0.3.3.jar bundles ASM. ASM is MIT licensed, thus 
> every re-distribution MUST retain ASM copyright notice.
>  Maven re-distributes ASM and fails to comply with ASM license.
> h2. 6) jsoup in wagon-http-3.3.3-shaded.jar
> lib/wagon-http-3.3.3-shaded.jar bundles jsoup ([https://jsoup.org/license]) 
> which is MIT-licensed. Maven fails to comply with jsoup license.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Updated] (MNG-6771) Fix license issues on binary distribution

2019-10-26 Thread Enrico Olivelli (Jira) 


 [ 
https://issues.apache.org/jira/browse/MNG-6771?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Enrico Olivelli updated MNG-6771:
-
Summary: Fix license issues on binary distribution  (was: Please fix 
license issues on binary distribution)

> Fix license issues on binary distribution
> -
>
> Key: MNG-6771
> URL: https://issues.apache.org/jira/browse/MNG-6771
> Project: Maven
>  Issue Type: Bug
>  Components: General
>Affects Versions: 3.6.2
>Reporter: Vladimir Sitnikov
>Assignee: Enrico Olivelli
>Priority: Major
>  Labels: licenses
>
> Please feel free to adjust the priority, however 
> [http://www.apache.org/legal/release-policy.html#licensing] says that license 
> clearance is a must, thus I report this as a Blocker.
> {quote}Every ASF release MUST comply with ASF licensing policy. This 
> requirement is of utmost importance
> {quote}
> I downloaded apache-maven-3.6.2-bin.zip, and I see the following issues with 
> it (note: there might be more):
> h2. 1) jcl-over-slf4j:1.7.25
> in apache-maven-3.6.2/LICENSE:
> {quote} - JCL 1.2 implemented over SLF4J 
> ([http://www.slf4j.org|http://www.slf4j.org/]) 
> org.slf4j:jcl-over-slf4j:jar:1.7.25
>  License: MIT License (MIT) 
> [http://www.opensource.org/licenses/mit-license.php] 
> (lib/jcl-over-slf4j.license){quote}
> The license for the artifact is most likely Apache 2.0 rather than MIT: 
> [https://github.com/qos-ch/slf4j/tree/master/jcl-over-slf4j]
> h2. 2) slf4j-api:1.7.25
> in apache-maven-3.6.2/LICENSE:
> {quote} - SLF4J API Module ([http://www.slf4j.org|http://www.slf4j.org/]) 
> org.slf4j:slf4j-api:jar:1.7.25
>  License: MIT License (MIT) 
> [http://www.opensource.org/licenses/mit-license.php] 
> (lib/slf4j-api.license){quote}
> Maven does not comply with SLF4j license.
>  Here's license for SLF4j: [https://www.slf4j.org/license.html]
>  It requires to include slf4j copyright notice, however, Maven fails to do 
> that
> h2. 3) MIT license
> [http://www.opensource.org/licenses/mit-license.php] must not be used as it 
> almost never points to a true license. It is extremely unlucky that someone 
> would copyright their work as "Copyright (c)  "
> h2. 4) org.eclipse.sisu.inject:0.3.3
> in apache-maven-3.6.2/LICENSE:
> {quote} - org.eclipse.sisu.inject 
> ([http://www.eclipse.org/sisu/org.eclipse.sisu.inject/]) 
> org.eclipse.sisu:org.eclipse.sisu.inject:eclipse-plugin:0.3.3
>  License: Eclipse Public License, Version 1.0 (EPL-1.0) 
> [http://www.eclipse.org/legal/epl-v10.html] 
> (lib/org.eclipse.sisu.inject.license){quote}
> The link to eclipse.org/sisu responds with 404.
> sisu might have their own copyright notices that should be retained, however 
> Maven re-distributes none of them (org.eclipse.sisu.inject.site-0.3.3.zip has 
> notice.html file which is not present in Maven re-distribution)
> h2. 5) ASM in org.eclipse.sisu.inject-0.3.3.jar
> lib/org.eclipse.sisu.inject-0.3.3.jar bundles ASM. ASM is MIT licensed, thus 
> every re-distribution MUST retain ASM copyright notice.
>  Maven re-distributes ASM and fails to comply with ASM license.
> h2. 6) jsoup in wagon-http-3.3.3-shaded.jar
> lib/wagon-http-3.3.3-shaded.jar bundles jsoup ([https://jsoup.org/license]) 
> which is MIT-licensed. Maven fails to comply with jsoup license.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)