www-repository mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefano Bagnara <apa...@bago.org>
Subject POM licensing and repository management
Date Tue, 02 Oct 2007 11:42:37 GMT
Here is an attempt to summarize the issues raised in the "POM licensing"
thread in the repository list [1]. I cross-post to legal-discuss and
repository because this include both legal and procedural issues, each
one better belongs to its own list, but the other add information to the

Here is the original message from Robert [1]:
> many (most?) pom's in the repository lack license information. it's
> therefore unclear under what conditions the meta-data can be used or
> re-used. this prevents meta-data mining. 
> since the respository is hosted on apache hardware, IMHO the meta-data
> released through the repository should be explicitly licensed under
> ALv2.0. 
> - robert

And here is the list of legal issues and technical/procesural issues I
collected in that thread:

"legal issues" summary is:

1) Are the "simplest" pom.xml (artifactId+groupId+license
information+dependencies) copyrightable?

2) What licenses should we allow for pom.xml in order to make *legal*
the current use of the central maven repository?

3) Can the license for the pom.xml be described in the xml itself or we
need the whole license header like the one we would prepend to any other
xml file? The pom.xml is often a redistributable "as is", without being
included in a package: does this need a special "license header" ?

The technical/procedural issues for the repository management are:

A) How to tweak the current procedures to avoid publishing of new
pom.xml without a license or without an acceptable license (BSD, MIT,
ASL, W3C..., depending on answers about #2 above)

B) How to deal with the current poms not having a license.

C) What to do when a pom is already published in a 3rd party repository
under an incompatible license: we cannot copy it, and probably is not a
good practice to create another pom with the same artifactId/groupId but
with different informations.

D) How to "evangelize" projects to make sure that future pom.xml (and
other resources like site.xml) includes the license header (e.g: make
sure maven plugins bugs are solved ASAP and high priority)



View raw message