Re: Apache Wagon vs maven-shade vs embedded licenses

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Re: Apache Wagon vs maven-shade vs embedded licenses

Hervé BOUTEMY
sure, if you know how to fix, yes, I can drop this release and start the next one quickly

particularly if it helps us later to improve Maven handling of the case

This case of -shaded.jar published to Central [1] is really a completely different scenario than Maven -bin.zip/tar,gz binary distribution [2] that has the dependency added to the archive.
I currently did not really get how the shaded archive case should be managed: do you have any strategy or fix available?

Regards,

Hervé

[1] http://repo.maven.apache.org/maven2/org/apache/maven/wagon/wagon-http/3.3.3/

[2] https://archive.apache.org/dist/maven/maven-3/3.6.2/binaries/

----- Mail original -----
De: "Enrico Olivelli" <[hidden email]>
À: "Maven Developers List" <[hidden email]>
Envoyé: Mercredi 6 Novembre 2019 11:20:47
Objet: Re: Apache Wagon vs maven-shade vs embedded licenses

Hervè
can we fix this issue before releasing this version of Wagon ?
this way we can update Wagon in Maven Core

Enrico

Il giorno mer 6 nov 2019 alle ore 11:06 <[hidden email]> ha scritto:

> issue created: https://issues.apache.org/jira/browse/WAGON-574
>
> Regards,
>
> Hervé
>
> ----- Mail original -----
> De: "Enrico Olivelli" <[hidden email]>
> À: "Maven Developers List" <[hidden email]>
> Cc: "Hervé BOUTEMY" <[hidden email]>
> Envoyé: Mercredi 6 Novembre 2019 09:53:29
> Objet: Re: Apache Wagon vs maven-shade vs embedded licenses
>
>
>
>
>
>
>
> Il giorno mer 6 nov 2019 alle ore 09:03 Vladimir Sitnikov <
> [hidden email] > ha scritto:
>
>
> Enrico>(I apologize, I don't want to pollute the vote thread, but this is
> somehow
> related)
>
> I've altered the subject.
>
> Enrico> For binary release (that actually is not part of the official
> VOTE)
>
> I'm not a lawyer, but:
>
> > http://www.apache.org/legal/release-policy.html#what
> > WHAT IS A RELEASE?
> > Releases are, by definition, anything that is published beyond the group
> that owns it
>
> >
>
> http://www.apache.org/legal/release-policy.html#what-must-every-release-contain
> > Every ASF release must comply with ASF licensing policy
>
> release-policy.html does not make a distinction between "part of the
> official vote" and "not a part of the official vote".
> It just stays "whatever is released must comply with ASF licensing
> policy".
>
>
>
>
>
> Totally agree
>
>
>
> In other words, the VOTE thread looks to me like "we are about to release
> Apache Maven Wagon, please check the artifacts".
> -shaded artifact is a part of the release (because it is "anything that is
> published beyond the group that owns it"),
> and -shaded does not comply with jsoup's license ==> I suggest that
> there's
> an "utmost importance" issue with the artifacts.
>
> >I wonder if we could enhance the pom in the future to report machiene
> >readable statements like 'the artifact will include a binary copy of this
> >other third party pom'
>
> That would be nice. I'm not sure everything comes from a pom though.
> For instance, -shaded, -sources, -javadoc and other "classifier-based
> artifacts" miss their respective poms.
> However, they all might re-distribute different third-party dependencies.
>
>
>
> Yes, it is not so simply as I said.
>
>
>
> Then people do not always consume artifacts as jar/pom files.
> For instance, apache-maven-3.6.2-bin.zip does not have a pom file.
>
> In my opinion, the licensing conditions should be embedded into each
> archive if that is possible.
>
>
>
> I think this is the only viable option nowadays
>
>
>
> There's spdx.org effort, however, I don't think it is ready for use.
>
> Vladimir
>
>
>
>
>
> Thanks
>
>
> Enrico
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]