Re: [PR] pom: split compound licenses [tomcat]

2026-04-14 Thread via GitHub 


earldouglas commented on PR #991:
URL: https://github.com/apache/tomcat/pull/991#issuecomment-4244863771

   > If multiple licenses are listed, it is assumed that the user can select 
any of them, not that they must accept all.
   
   Oh interesting, I didn't know that.  Thanks for the context!
   
   It seems like in this case it's a no-win.  We don't want to list multiple 
licenses, because there is not an option for the user to choose between them, 
and we can't combine them because that's not supported by Maven.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


-
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Re: [PR] pom: split compound licenses [tomcat]

2026-04-14 Thread via GitHub 


markt-asf commented on PR #991:
URL: https://github.com/apache/tomcat/pull/991#issuecomment-4244721194

   > > the definition of the `` element in a POM is that it defines a 
choice from multiple licenses
   > 
   > I'm not sure that's the case. My read of 
https://maven.apache.org/pom.html#Licenses is that there should be one entry 
for each license that applies to the project. In this case, two licenses always 
apply, and so both should get its own entry.
   
   This is not the full definition:
   https://maven.apache.org/ref/3.9.14/maven-model/maven.html
   
   > Would this PR be merged into a supported branch?
   
   No.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


-
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Re: [PR] pom: split compound licenses [tomcat]

2026-04-14 Thread via GitHub 


earldouglas commented on PR #991:
URL: https://github.com/apache/tomcat/pull/991#issuecomment-4244675777

   > the definition of the `` element in a POM is that it defines a 
choice from multiple licenses
   
   I'm not sure that's the case.  My read of 
 is that there should be one entry 
for each license that applies to the project.  In this case, two licenses 
always apply, and so both should get its own entry.
   
   Combining them into a single entry is misleading, since both the `name` and 
`url` are invalid.  This breaks principle of least surprise for the user, as 
they are forced to manually read the invalid entry to interpret it.  This also 
breaks standards, which can prevent the use of this library and its POM as a 
dependency.
   
   > Tomcat 7.0.x is unsupported
   
   Would this PR be merged into a supported branch?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


-
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Re: [PR] pom: split compound licenses [tomcat]

2026-04-14 Thread via GitHub 


markt-asf commented on PR #991:
URL: https://github.com/apache/tomcat/pull/991#issuecomment-4242878151

   While I appreciate the intention of this PR, the definition of the 
`` element in a POM is that it defines a choice from multiple 
licenses. That isn't what we have here. I am concerned that if multiple license 
elements are defined, consumers of the JARs (and tooling in particular) will 
not take account of the notes.
   
   Also Tomcat 7.0.x is unsupported and has been since March 2021.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


-
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Re: [PR] pom: split compound licenses [tomcat]

2026-04-14 Thread via GitHub 


markt-asf closed pull request #991: pom: split compound licenses
URL: https://github.com/apache/tomcat/pull/991


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


-
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Re: [PR] pom: split compound licenses [tomcat]

2026-04-13 Thread via GitHub 


n828cl commented on PR #991:
URL: https://github.com/apache/tomcat/pull/991#issuecomment-4240844931

   Not commenting on the content, but please don't create multiple PRs - 
especially for Tomcat versions that are not supported. If and when the PR is 
accepted, a committer will merge the changes into each appropriate branch.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


-
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Re: [PR] pom: split compound licenses [tomcat]

2026-04-13 Thread via GitHub 


earldouglas commented on PR #991:
URL: https://github.com/apache/tomcat/pull/991#issuecomment-4240775351

   If this looks good, I'll create similar PRs for the 8.5.x, 9.0.x, 10.0.x, 
10.1.x, and 11.0.x branches.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


-
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[PR] pom: split compound licenses [tomcat]

2026-04-13 Thread via GitHub 


earldouglas opened a new pull request, #991:
URL: https://github.com/apache/tomcat/pull/991

   Combining the licenses creates invalid URLs:
   
   ```
   
 
   
 http://www.apache.org/licenses/LICENSE-2.0.txt and
 http://www.opensource.org/licenses/cddl1.txt
   
 
   
   ```
   
   Compared to using separate entries for each license:
   
   ```
   
 
   
 http://www.apache.org/licenses/LICENSE-2.0.txt
   
 
 
   
 http://www.opensource.org/licenses/cddl1.txt
   
 
   
   ```
   
   This breaks tools that validate the URLs, including BOM standards such as 
CycloneDX:
   
   ```
   license.url: does not match the iri-reference pattern must be a valid RFC 
3987 IRI-reference
   ```


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


-
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]