jdaugherty commented on code in PR #15530:
URL: https://github.com/apache/grails-core/pull/15530#discussion_r3035065880


##########
build-logic/plugins/src/main/groovy/org/apache/grails/buildsrc/SbomPlugin.groovy:
##########
@@ -95,7 +103,12 @@ class SbomPlugin implements Plugin<Project> {
             
'pkg:maven/com.oracle.coherence.ce/[email protected]?type=pom': 'UPL-1.0', 
// does not have map based on license id
             
'pkg:maven/com.oracle.coherence.ce/[email protected]?type=pom': 'UPL-1.0', 
// does not have map based on license id
             'pkg:maven/opensymphony/[email protected]?type=jar'                  
: 'OpenSymphony', // custom license approved by legal LEGAL-707
-            'pkg:maven/org.jruby/[email protected]?type=jar'                        
: 'BSD-3-Clause'// 
https://web.archive.org/web/20240822213507/http://www.jcraft.com/jzlib/LICENSE.txt
 shows it's a 3 clause
+            'pkg:maven/org.jruby/[email protected]?type=jar'                        
: 'BSD-3-Clause', // 
https://web.archive.org/web/20240822213507/http://www.jcraft.com/jzlib/LICENSE.txt
 shows it's a 3 clause
+            'pkg:maven/org.jboss/[email protected]?type=pom'                       
: 'CC0-1.0', // upstream declares Public Domain with CC0 URL but no SPDX id
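Review bot: The comment on the added jandex entry asserts "upstream declares Public Domain with CC0 URL but no SPDX id" without pointing at the evidence, while the jzlib entry just above links the archived license text and the OpenSymphony entry cites LEGAL-707. Add the URL of the POM or license file that carries the CC0 declaration, so the override can be re-verified when the pinned version in the purl key changes or the artifact is replaced by a relicensed successor.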

Review Comment:
   According to https://repo1.maven.org/maven2/org/jboss/jandex/3.3.1/jandex-3.3.1.pom it was moved to https://smallrye.io/blog/jandex-3-0-0/
   
   Do you know what's including this library? Since the new blog says it's ASF 2.0 licensed, it would be better if we could use that version instead (we may not be able to if Hibernate isn't pulling in the ASF version).


