Hi all! 

Clojars (https://clojars.org - the community repository for open source Clojure
libraries) will now require a license to be specified in the POM file for:

- newly uploaded versions for new projects
- newly uploaded versions for existing projects where the prior version had a 
license

We will then start requiring a license for *all* newly uploaded versions on or
after 2024-01-01. Note that this will not impact any *existing* versions;
existing versions that don't have a license in the POM file will remain
unchanged.

For more details, see this issue[1] for discussion of the change, and the
Deploying wiki entry[2] for how to add a license to your POM.

## Why is Clojars making this change? 

We are making this change:

- to better support auditing from Java ecosystem tools that use the POM as the
  source of truth for the license
- to enforce better hygiene; all open source projects should have a license

## How does this change impact me?

If you only consume projects from Clojars and do not release libraries, you
don't need to do anything.

If you publish projects to Clojars, you will need to:

- include a license with any new projects
- continue to include a license with new versions of projects where you already
  provide a license
- update any projects that don't provide a license to provide one before the end
  of the year if you plan to release a new version 
  
If Clojars rejects your deploy, you will see a message like:

```
Could not transfer metadata org.clojars.tcrawley:deploytest/maven-metadata.xml 
from/to clojars (https://repo.clojars.org/): authorization failed for 
https://repo.clojars.org/org/clojars/tcrawley/deploytest/maven-metadata.xml, 
status: 403 Forbidden - the POM file does not include a license. See 
https://bit.ly/3PQunZU
```

Most versions already have licenses in their POM files since Leiningen[3]
includes one by default, and prints a warning when you try to deploy without
one. But newer tooling built on the Clojure CLI tools[4] doesn't have this
warning (however, clj-new[5] will generate a pom.xml that does include a license
if you use it to template your project).

## Thank you

Thanks to Peter Monks for suggesting this change, and Daniel Compton for
discussing a solution.

## Supporting this work

This work was done as part of an ongoing maintenance contract from Clojurists
Together[6]. You can also sponsor me directly on GitHub Sponsors[7] if you would
like to directly fund my maintenance of Clojars.

Please reply here or on the issue if you have any concerns or questions.

- Toby 

[1]: https://github.com/clojars/clojars-web/issues/873
[2]: https://github.com/clojars/clojars-web/wiki/Pushing#licenses
[3]: https://leiningen.org/
[4]: https://clojure.org/guides/deps_and_cli
[5]: https://github.com/seancorfield/clj-new
[6]: https://www.clojuriststogether.org/
[7]: https://github.com/sponsors/tobias

-- 
You received this message because you are subscribed to the Google
Groups "Clojure" group.
To post to this group, send email to clojure@googlegroups.com
Note that posts from new members are moderated - please be patient with your 
first post.
To unsubscribe from this group, send email to
clojure+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/clojure?hl=en
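
A local pre-deploy check for the requirement announced above, as an added example that is not Clojars' or the author's code. It assumes a license counts as present when the POM's top-level `<licenses>` element holds at least one `<license>` with a non-empty `<name>` or `<url>`; the rule Clojars applies server-side may differ, and the function names and sample POMs are constructed here.

```python
import xml.etree.ElementTree as ET

POM_NS = "http://maven.apache.org/POM/4.0.0"

def _pom(body, ns=True):
    # Builds a constructed sample POM; the coordinates are made up.
    attr = f' xmlns="{POM_NS}"' if ns else ""
    return (f"<project{attr}><modelVersion>4.0.0</modelVersion>"
            "<groupId>org.example</groupId><artifactId>demo</artifactId>"
            f"<version>0.1.0</version>{body}</project>")

WITH_LICENSE = _pom("<licenses><license><name>EPL-2.0</name>"
                    "<url>https://www.eclipse.org/legal/epl-2.0/</url>"
                    "</license></licenses>")
BLANK_LICENSE = _pom("<licenses><license><name>  </name></license></licenses>")
NO_LICENSE = _pom("<dependencies/>", ns=False)  # POM written without a namespace

def _local(tag):
    # "{namespace}name" -> "name"; works for namespaced and bare POMs alike.
    return tag.rsplit("}", 1)[-1]

def _children(elem, name):
    return [c for c in elem if _local(c.tag) == name]

def pom_licenses(pom_xml):
    """Return (name, url) for each usable <license> directly under <project>."""
    root = ET.fromstring(pom_xml)  # meant for your own pom.xml, not untrusted XML
    if _local(root.tag) != "project":
        raise ValueError("not a Maven POM: root element is not <project>")
    found = []
    # Only <project>/<licenses> is inspected, so a <licenses> element nested
    # elsewhere in the file is not mistaken for the project's license.
    for licenses in _children(root, "licenses"):
        for lic in _children(licenses, "license"):
            fields = {_local(c.tag): (c.text or "").strip() for c in lic}
            name, url = fields.get("name", ""), fields.get("url", "")
            if name or url:  # assumption: a blank <license/> does not count
                found.append((name, url))
    return found

def check_before_deploy(pom_xml):
    """Return (ok, message); run this in CI before the deploy step."""
    licenses = pom_licenses(pom_xml)
    if not licenses:
        return False, "pom.xml has no usable <license>; expect a 403 from Clojars"
    return True, "license(s): " + ", ".join(n or u for n, u in licenses)

if __name__ == "__main__":
    for sample in (WITH_LICENSE, BLANK_LICENSE, NO_LICENSE):
        print(check_before_deploy(sample))
```
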