 | Start a set with this search |
 | Include this search in one of my sets |
 | Exclude this search from one of my sets |
 | Permalink to these results Paste this link in email or IM: |
 | Atom feed for tracking future search results Paste this URL into your reader: |
14 messages in org.apache.legal-discussRe: Maven repository issues [Was: Cre...| From | Sent On | Attachments |
|---|---|---|
| Henri Yandell | May 29, 2008 1:06 am | |
| Stefano Bagnara | May 29, 2008 1:17 am | |
| Assaf Arkin | May 29, 2008 10:53 am | |
| Henri Yandell | May 29, 2008 12:10 pm | |
| Stefano Bagnara | May 29, 2008 12:35 pm | |
| David Jencks | May 29, 2008 12:47 pm | |
| Craig L Russell | May 29, 2008 2:38 pm | |
| Gilles Scokart | May 30, 2008 1:04 am | |
| Stefano Bagnara | May 30, 2008 1:47 am | |
| Assaf Arkin | May 30, 2008 2:50 am | |
| sebb | May 30, 2008 2:51 am | |
| Stefano Bagnara | May 30, 2008 3:33 am | |
| Assaf Arkin | May 30, 2008 4:33 am | |
| Gilles Scokart | May 30, 2008 4:35 am |
| Permalink for this message Paste this link in email or IM: |
| Permalink for this thread Paste this link in email or IM: |
| Atom feed for this thread Paste this URL into your reader: |
| Subject: | Re: Maven repository issues [Was: Creative Commons Attribution License] | Actions... |
|---|---|---|
| From: | Stefano Bagnara (apa...@bago.org) | |
| Date: | May 29, 2008 12:35:27 pm | |
| List: | org.apache.legal-discuss | |
Henri Yandell ha scritto:
The issue, I think, is the next step in that - if it is copyrightable, then we need to license that. At least I'm reading this as the JAMES PMC having discussion about publishing their own poms, not whether they will depend on 3rd party jars without a license on the top. Maybe I'm wrong though :)
No, we include the standard ASF header in our poms. The problem is that we use a technique that I call "local stage repository". This is a maven repository (legacy structure) having a relative path to the project root itself. This way we can redistribute a package that can be built with maven with no internet access because we also provide any dependency in our "local stage repository". This is lie the "old" lib folder for ant based projects, simply structured by groupId/artifactId. If we only put there jars then maven will automatically create simple poms when installing them and this is not good because the new poms would differ from the "official" pom and this would break transitive dependencies for other projects built in the same machine (sharing the same local repository, this time it is the .m2 folder in the user home and not our "stage repository"). So we have to also put the original poms in this stage folder to make everything work fine. The problem is that 99% of poms descriptor in maven central do not provide a license header and so we have to take them as "all right reserved" and ASF does not allow us to redistribute similar files.
That's a general problem for any user - how to determine the license of their 3rd party works. There are solutions out there - commercial and open source.
With the Maven repository, the jar files often contain LICENSE and NOTICE files now - I always check the META-INF of an unknown jar for its licensing nowadays (to the point of having a script for it :) ).
As you say the JAR includes the LICENSE/NOTICE, but my problem is that the pom is not inside the JAR and more often than not it has not been created by the JAR author. So there is no way to know the license for the pom itself unless it has an header (and 99% of poms in central do not have a license header).
This could even mean that people has no right to use the poms as part of an automated process (a maven/ivy build) because I didn't find any documentation in central about what usage rights I have for the poms they redistribute.
Stefano
--------------------------------------------------------------------- DISCLAIMER: Discussions on this list are informational and educational only. Statements made on this list are not privileged, do not constitute legal advice, and do not necessarily reflect the opinions and policies of the ASF. See <http://www.apache.org/licenses/> for official ASF policies and documents.