On 18/05/2010 1:09 PM, Bruno Harbulot wrote:
Hi,
I've just submitted this issue: http://jira.codehaus.org/browse/MNG-4680
However, I'm told this wasn't the right place to submit. I'm not sure.
To me, one of the key features of Apache Maven (if not the main
feature) is its repository mechanism. This makes the redistribution of
software via those repository a core function of Maven.
In addition, Maven's success is largely based on its central
repository I think (would anyone disagree?), which distributes mostly
open-source software, which in turn has licences that apply to its
redistribution in most cases.
In appears that the distribution model hasn't fully taken into
consideration the problem of licences. Considering that the central
repository is in breach of a number of such OSS licences, I'd say
there's something wrong with the model in that respect (hence filing
the issue with the core framework MNG).
On 16/05/10 02:00, Brian Fox wrote:
What I meant by usually was that if someone wants to include the
license text, it's done inside the archives. Take a look at any recent
apache jar for example and you'll find LICENSE and NOTICE prominently
included.
Indeed, some projects have it in the META-INF directory, even with the
binary distribution. (It's not bad, but it's not an obvious place.
Putting them along with the POM would make it a bit clearer.)
There is definitely something wrong with the "convention over
configuration" aspect. Whether that's strictly MNG domain or not is
debatable indeed. However, if you follow the guidelines in the guides
(e.g. licence placed as described in [1]), the licence doesn't end up
either in META-INF or anywhere in the repository.
Is it just a documentation shortcoming, or is it a flaw in the
architecture of Maven? There definitely is a flaw in the central
repository, since it's clearly redistributing some software without
the adequate licence.
I think these things are definitely fixable, and I'm not after an
immediate fix, but I think the issue needs more consideration w.r.t.
documentation or design of Maven, rather than saying it's the
packager's or the repository's problem.
1) If people are distributing their own software in violation of their
own licensing, it is their problem.
2) If people are distributing other people's software in violation of
the licencing, they should stop.
Hard to see how this is a Maven problem or how Maven could fix it. Case
#1 is clearly the prerogative of the owner of the software.
Case#2 would be hard to detect without having a big investigation for
every package being uploaded to be sure that it is a violation before
rejecting it. Very difficult to automate.
Lots of projects have lots of committers and who owns an open source
project would be more a question of ego than law in many cases.
More trouble than it is worth and more likely to do more damage than good.
Ron
Best wishes,
Bruno.
[1]
http://maven.apache.org/guides/introduction/introduction-to-the-standard-directory-layout.html
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@maven.apache.org
For additional commands, e-mail: users-h...@maven.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@maven.apache.org
For additional commands, e-mail: users-h...@maven.apache.org