One important thing for me:

It should be possible to define the configuration/license descriptors in
my company pom. Then every dependent project should use the default
configuration provided by the company pom. But it also should be
possible to override/change/extend that configuration.

Sample:
Those two projects have the same company pom:
- Library/reusable project that must not depend on artifacts under GPL.
- Internal project that may depend on GPL


Thanks,

Johannes


Karl Heinz Marbaise wrote:
> Hi there,
> 
> I have started with implementing some parts of a new Maven Plugin.
> 
> The Maven License Verifier Plugin (MLV for short).
> 
> I would like to present the idea of the plugin and would like to know if
> someone has some suggestions, ideas, comments etc.
> 
> 
> The basic idea is to check every dependency which is used (incl.
> transitive dependencies) of a build (during a mvn ..) and see if all
> artifacts have licenses which, based on the policy (of a company
> etc.), are allowed ... that's often a point in companies ... Some companies
> say that only the Apache License is allowed (for example) ...
> 
> 
> The Plugin will use a configuration file which defines different
> categories of Licenses
> (http://site.supose.org/maven-licenses-verifier-plugin/licenses.html).
> 
> The default configuration will not break a build; it will just warn about
> artifacts which don't have a license defined or which are in a particular
> category (WARN, INVALID or none of them).
> 
> What I'm unsure about is where to define the license.xml file (or
> multiple of them):
> 
> Option 1:
> Use a particular folder: src/main/licenses/ and put one or more files in
> there which will automatically be loaded.
> 
> Option 2:
> Give a single or multiple locations for license.xml files in the
> configuration section for the plugin.
> 
> Option 3:
> Use a URL to define where to download the license.xml file or maybe
> multiple URLs. This could be useful in companies to have a central
> location to maintain such files which can be used for every project
> in a company... (Maybe it's possible to store that in a repository
> manager like Nexus ?)
> 
> Option 4:
> Use an Artifact which can be created and stored into a Maven repository ?
> 
> Of course the plugin is configurable in that way to break the build if
> you do ...(e.g. failOnWarning like ?)...
> 
> 
> The other question is how to behave in a reactor build (Multi Module
> build):
>   - Just have a single Configuration (e.g. in Root) and put the
> configuration file(s) there (not sure how to handle this technically)...
> 
> 
> And what is needed as well is to be able to exclude particular artifacts
> from being checked (<excludes>...<exclude>.....).. (I have to check how
> to implement this but this is another question)...
> 
> 
> Kind regards
> Karl Heinz Marbaise
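
A sketch of the layering asked for at the top of this message (company defaults that each project can override), combined with the dependency check described in the quoted proposal. This is an added example, not code from the plugin or from either author; the `Policy` class, the `check` function, the failure flags and all sample coordinates are assumptions, and it is written in Python rather than as Maven plugin code so the logic can be run on its own.

```python
from dataclasses import dataclass, field, replace

@dataclass(frozen=True)
class Policy:
    categories: dict = field(default_factory=dict)  # license name -> "WARN" | "INVALID"
    excludes: frozenset = frozenset()               # "groupId:artifactId" never checked
    fail_on_warning: bool = False                   # defaults only report, never break
    fail_on_invalid: bool = False

    def override(self, categories=None, excludes=(), **flags):
        """Project-level policy: inherit the company defaults, then apply changes."""
        merged = {**self.categories, **(categories or {})}
        # A category of None removes the inherited entry (license becomes allowed).
        merged = {lic: cat for lic, cat in merged.items() if cat is not None}
        return replace(self, categories=merged,
                       excludes=self.excludes | frozenset(excludes), **flags)

def check(policy, dependencies):
    """Return (findings, build_fails) for (coordinate, [license names]) pairs."""
    findings = []
    for coord, licenses in dependencies:
        if coord in policy.excludes:
            continue
        if not licenses:
            findings.append((coord, "NO_LICENSE"))
            continue
        cats = {policy.categories.get(lic) for lic in licenses}
        # Assumption: a multi-licensed artifact is judged by its worst license.
        if "INVALID" in cats:
            findings.append((coord, "INVALID"))
        elif "WARN" in cats:
            findings.append((coord, "WARN"))
    kinds = {kind for _, kind in findings}
    fails = bool((policy.fail_on_invalid and "INVALID" in kinds)
                 or (policy.fail_on_warning and kinds & {"WARN", "NO_LICENSE"}))
    return findings, fails

# Constructed sample data: coordinates and license names are illustrative only.
COMPANY = Policy(categories={"GPL-3.0": "INVALID", "LGPL-3.0": "WARN"})
LIBRARY = COMPANY.override(fail_on_invalid=True)          # must not ship GPL
INTERNAL = COMPANY.override(categories={"GPL-3.0": None},  # GPL is fine here
                            excludes=["com.example:legacy-tool"])
DEPS = [
    ("com.example:web-core", ["Apache-2.0"]),
    ("com.example:report-engine", ["GPL-3.0"]),   # pulled in transitively
    ("com.example:legacy-tool", []),              # POM declares no license
    ("com.example:pdf-kit", ["LGPL-3.0"]),
]

if __name__ == "__main__":
    for name, policy in [("company", COMPANY), ("library", LIBRARY), ("internal", INTERNAL)]:
        print(name, *check(policy, DEPS))
```
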
