I think that perhaps there's an important distinction being missed here. Central doesn't vacuum up artifacts from unsuspecting authors. Other people put them there. If the authors of code choose to deposit jar files on central, then it's not central who is 'distributing' them -- it's the authors. In this case, it's people who download from central and then repackage on their own who are responsible for worrying about tracking down and including licenses.
The tricky case here is the non-author publishers, as with the recently-announced mechanism. If I take a jar of OSS from its author's distro, and push it to central without a license file, I am probably violating the license. It's not clear to me that Sonatype is. Thus, what I take from this thread is that it would be a kindness for Sonatype to add a feature to the new publication mechanism to upload the actual license. It could then be added to META-INF or just published as an accompanying artifact, either way, and then no one would have anything to complain about. It might be worth doing this just to avoid those voices in the wide world who like to write alarmist postings about Maven distribution (e.g. Saxon's author). --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@maven.apache.org For additional commands, e-mail: users-h...@maven.apache.org
