Thanks everyone!

I think that the default of "no license" aligns to the expectation I've seen in other conversations. Omitting the <licenses> element seems to be the community understanding, especially where SPDX lacks community alignment on a value (barring the NPM behavior).
Organizationally, we lack a policy and much of our code lacks even a "copyright." Bernd has proposed a standard, but one that is not recognized by tooling, e.g., Mend (formerly Whitesource). While I can align to this proposal in principle, the community at large lacks consensus.
I may propose a simple MR to the Maven POM Reference documentation that simply states something along the lines of:
"If your code is proprietary, i.e., not subject to licensing, omit this property."
This simple statement can help many others in grokking the expectations of meta-data in the POM.
Much thanks!

Tim

On 3/27/24 4:19 PM, Bernd Eckenfels wrote:
> Nils Breunese wrote on 27. Mar 2024 20:33 (GMT +01:00):
> > That sounds like a good idea when the code is actually licensed under the “Companyname Commercial License”
>
> No, in my case it’s not an existing license (or actually there are of course licenses for the resulting product). But I use the name to make sure:
>
> - „commercial“ keeps people from thinking it’s unrestricted (if they happen to get in contact with Pom or repo)
> - companyname gives a namespace
> - allows to be included in manifest
>
> In the end this is mostly that SBOM and build-reports list all projects together. (A vendor grouping would be better but I think normal maven reports don’t).
>
> Not specifying a license has two problems, first it might inherit unwanted licenses from parent, and secondly it makes it harder to find actual not yet documented missing licenses. Therefore I can only recommend to always use a common license even if those Poms and artifacts never are to be exposed to external participants.
>
> Gruss
> Bernd
--
Timothy Stone
=============
Some call me ... Tim.
Husband, Father, Blogger, OSS, Wargamer, Home Brewer, and D&D
Find me on GitLab | GitHub | Linked In | MeWe | GnuPG