Hi Justin,

Thanks for catching these issues. I think #2 is simply a bug in the build script ("cayenne-gradle-plugin/build" is in ".gitignore" and is clearly copied to the distro by mistake). Need to fix it.

#1 is something I have no recollection of... EPL is indeed included in LICENSE.txt, but is not explicitly linked to a specific dependency. (FWIW the latest Cayenne core doesn't have any dependencies other than SLF4J; the Modeler and build tools have some.) It was added way back before we migrated to Git (and truncated some of the history in the process). I suspect that whatever it was referring to is no longer around, but we may need to do some digging. Does anyone else remember what dependency EPL was covering?

Andrus

> On Jun 8, 2021, at 10:28 AM, Justin Mclean <jmcl...@apache.org> wrote:
>
> Hi,
>
> I'm not part of your PMC, and there may be a reason(s) for this that I'm
> unaware of, but I noticed a couple of unusual things in your release:
> 1. The LICENSE includes the Eclipse Public License. The EPL license is
> Category B and in general you can't include anything that is licensed Category B
> in a source release. [1]
> 2. The source release includes compiled class files [2], and jar files
> [3][4][5]. Compiled code shouldn't be included in a source release. The
> gradle jar has been discussed many times and it can't be included in a source
> release.
>
> It would be great if you could take a look at these issues.
>
> Kind Regards,
> Justin
>
> 1. https://www.apache.org/legal/resolved.html#weak-copyleft-licenses
> 2. ./cayenne-gradle-plugin/build/classes/java/main/org/apache/cayenne/tools/*.class
> 3. ./cayenne-gradle-plugin/gradle/wrapper/gradle-wrapper.jar
> 4. ./cayenne-gradle-plugin/build/libs/cayenne-gradle-plugin-4.2.M3.jar
> 5. ./cayenne-gradle-plugin/build/libs/cayenne-gradle-plugin-4.2.M3-sources.jar
> 6. ./cayenne-gradle-plugin/build/libs/cayenne-gradle-plugin-4.2.M3-javadoc.jar