-
-
Notifications
You must be signed in to change notification settings - Fork 925
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
jruby-complete has incorrect license in META-INF #3199
Comments
@busbey Sounds like you know what we need to do...wanna put together a PR? |
Sure, I can do that.
|
ugh. min maven version at 3.3 means I'll need an upgrade. gotta wrap up some things before I risk a maven upgrade. sorry for the delay. |
you always can use ./mvnw from the root directory then you do not need to On Sun, Aug 2, 2015 at 7:13 AM, Sean Busbey notifications@github.com
|
has this been resolved? I was about to log a similar issue - where the download here http://jruby.org/files/downloads/1.7.21/index.html only has LICENSE.txt file with Apache-2.0 in META-INF and no other license info I could find - leading one to think that is the license. However, the corresponding here https://github.com/jruby/jruby lists the disjunctive EPL/GPL/LGPL as the main license. thanks! |
AFAIK it's still an issue. I haven't had time to take care of it and I'm not sure when I will. I'm happy to help with reviewing if someone else has time to put together a PR. |
Was about to log that too, this is still an issue in jruby-complete-9.1.13.0.jar jruby-complete-9.1.13.0.jar:/META-INF/License.txt -> apache 2.0 license LEGAL might be a good place for clarifying to users what the Jruby license is, and which other licenses apply due to its relationship to the ruby language, and dependency libraries. License.txt should definitely contain the Jruby license. All other license files maybe should be named after what they contain (i.e. apache_2.0_license.txt, ruby_license.txt, etc.) and LEGAL should maybe have an index of reasons why they are there and to which extent they apply. |
I'm unclear of the damage an incorrect license bundled with a binary might be (as opposed to a source archive), but I agree we should tidy this up. I looks like it's just the wrong set of files getting included. If someone could lookup and clarify the proper/typical way to include license info in a binary jar, that would help move this forward. If the license info in the source jars is misleading or nonstandard, of course we should fix that immediately. |
@headius the META-INF files are merge of all the shaded libraries. so that is how this mix come in. this mix should be already there for the regular jruby.jar as we do shade libraries here as well. probably there is way to keep those out of the shaded file. try to look into this (time is limited nowadays). |
@headius it looks like we can configure to shade-plugin to do something with the licenses - the question is what is wanted ? https://stackoverflow.com/questions/22968266/maven-shade-plugin-and-licenses |
the jruby-complete-9.0.0.0.jar file has META-INF/LICENSE.txt and META-INF/NOTICE.txt that don't line up with the jruby licensing.
It looks like we're not bundling our COPYING and associated licensing files in our jars. Additionally, the complete jar doesn't filter the files included from our dependencies, so we end up with the license and notice from joda-time. For downstream folks that rely on inspecting these files or aggregating them, we inappropriately appear to be ASLv2 licensed.
We should filter out LICENSE(.txt)? and NOTICE(.txt)? from our shading and put COPYING, LICENSE.RUBY, and LEGAL in META-INF.
The text was updated successfully, but these errors were encountered: