New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update about html's. #829
Update about html's. #829
Conversation
6c66a9e
to
62fdfbe
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If I well understand with this PR, "default build" will now generate a list of license dependencies for each project ?
Why do we need to do that ?
I tried to run the build on my side and I get those warning :
[WARNING] The assembly descriptor contains a filesystem-root relative reference, which is not cross platform compatible /licenses
[WARNING] POM for dependency org.apache.httpcomponents:httpasyncclient has an invalid license URL: LICENSE.txt
[WARNING] Unable to retrieve license for dependency: com.upokecenter:cbor
[WARNING] http://www.creativecommons.org/publicdomain/zero/1.0/
[WARNING] Server returned HTTP response code: 403 for URL: http://www.creativecommons.org/publicdomain/zero/1.0/
[WARNING] Unable to retrieve license for dependency: com.github.peteroupc:numbers
[WARNING] http://www.creativecommons.org/publicdomain/zero/1.0/
[WARNING] Server returned HTTP response code: 403 for URL: http://www.creativecommons.org/publicdomain/zero/1.0/
(Curiosity question : Why do we embed LICENSE-2.0-netty.txt too ?)
MIT-license-slf4j.html
Outdated
@@ -0,0 +1,72 @@ | |||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why adding the slf4j licence ?
The main idea of the PR was to clean up the referred licenses, because some components (e.g. serial execution) has changed. The idea to use the plugin was to verify, that we have the correct list. |
I stick to the pattern I found in the "abouts" and available license files, |
So we generate a list of license and check manually, if information in "abouts" are OK ? |
That was my idea. The list is short, I just want to ensure, that we don't miss too much ... |
Ok so we don't need to generate this at each build, but just when we need to check it ? |
Yes, that would be a good improvement. |
I create a branch based on this PR with only 2 commits. One commit to remove the license of project dependencies. When we need to get license of project dependencies to update "abouts" manually we can use :
Just cherry-picks (and squash in this PR), commits which makes sense to you. |
Thanks! I will have a look on that, if other tasks are finished :-). |
I moved the optional "download-licenses" into a profile. Using |
I think, using 3rd-party stuff comes mostly with a licenses, which instructs you to copy the licenses, if you use it. Therefore, I think keeping the MIT and APACHE licenses should be the right way. Now the about mentions precise, which 3rd-party component uses which license, so the 3rd-party-component name in the licenses (introduced prior to me) seems to be obsolete. Therefore I removed the name from the license files. |
I would like to keep the
may be in the future "some apps" can use that dowloaded licenses to display them. |
Would it be possible, to copy the from the modules "resources" also from a parents "resources"? Then only one copy of the about.html, edl-v10.html, epl-v10.html, and notice.html would be required and only on "about.html" need to be maintained. |
My feeling on this below but feel free to do as you prefer.
AFAIK, including license is generally not about using it but more about redistribution or modification. Here I'm not sure we should consider we redistribute it. We just depend on it. Another point, Eclipse Foundation is pretty meticulous with license and since years I work with them, I never get a remark about this point (I mean including license of dependencies). So, personally I would not to integrate it.
Personally, I would wait those "apps" exist before to integrate modification for them.
I'm not sure if I get the point correctly but I suppose you could add resources which references files or folders in parent directory ?
<build>
<resources>
<!-- re-add the defaul directory if you need it, or just in case someone expects it was configured as usual -->
<resource>
<directory>src/main/resources</directory>
</resource>
<resource>
<directory>../licenses</directory>
</resource>
</resources>
<plugins>
... ...
<build>
<resources>
<!-- it seems to me you need to put again the default resource directory -->
<resource>
<directory>src/main/resources</directory>
</resource>
<resource>
<directory>..</directory>
<includes>
<include>yourlicensefile.html</include>
<include>anotherlicensefile.html</include></includes>
</resource>
</resource>
</resources>
<plugins>
... ... But here also I feel this a bit overkill.
(Eventually you can add header to the pom.xml which contains the license too) <!--
Copyright (c) 201? Institute for Pervasive Computing, ETH Zurich and others.
All rights reserved. This program and the accompanying materials
are made available under the terms of the Eclipse Public License v1.0
and Eclipse Distribution License v1.0 which accompany this distribution.
The Eclipse Public License is available at
http://www.eclipse.org/legal/epl-v10.html
and the Eclipse Distribution License is available at
http://www.eclipse.org/org/documents/edl-v10.html.
-->
That sounds enough for me. |
In Hono we use a separate module legal which contains the about, licenses etc. in a central place. In the other modules we use the maven dependency plugin to copy the content of the legal module to the local build folder. This way we maintain all of the relevant legal docs in one place only. BTW Simon is right in that the obligation to include license and other notice files only affects dependencies that we re-distribute. This includes all third party dependencies that are required during runtime and their transitive deps. We do not need to include dependencies that are used during build and test only. |
Using a About having a list of licenses, I discover recently maven-project-info-reports-plugin plug-in which generates reports.
It's hard to find clear information about that but as I understand "dependency" does not mean "distribution". For me there is distribution only if we provide an archive which contain the third party code. So for example, (Here some source about that : https://www.apache.org/dev/licensing-howto.html) |
So:
FMPOV, I would prefer to include the licenses in all jars. It's for me not only about the "letters in the license", it's also about appreciate the used work of others. And with a common legal module and the license downloader to required time seem to be fair for me. |
b512468
to
1097370
Compare
OK, I'm done.
|
e5be2b7
to
fbb0c4b
Compare
Introduce license-maven-plugin. Add legal module. Remove legals from other modules and include the legal module as dependency. Signed-off-by: Achim Kraus <achim.kraus@bosch-si.com>
Introduce license-maven-plugin.
Rename license of netty to include netty in the name.
Signed-off-by: Achim Kraus achim.kraus@bosch-si.com