Add license details to published pom files #100
Comments
|
Out of curiosity, what tool will flag the plugin for having no license? |
any/all? depending on how the tool is configured, these OSS tools generally assume it is copyrighted and proprietary with no license granted for use. some possible examples:
|
|
Do they really check build dependencies by default? (the first one doesn't at least) (I mean, I'll do it as it should be easy, but am trying to understand the full story) |
|
The OSS license compliance solutions that operate at the repo proxy level will block unlicensed deps. i.e. if you have a OSS compliance solution on an internal The internal proxy doesn't know if the dep was a build dep or a production dep. |
|
Fyi, plugin marker artifacts won't have license information no matter what projects do, until Gradle fixes gradle/plugin-portal-requests#212 |
|
That's only true for those which are published to the portal. Ones on standard places like Maven central contain them like any other artifact. |
|
Version 4.1.0 released with the change: https://plugins.gradle.org/m2/net/ltgt/gradle/gradle-errorprone-plugin/4.1.0/gradle-errorprone-plugin-4.1.0.pom As noted above, this doesn't apply to the plugin marker artifact: https://plugins.gradle.org/m2/net/ltgt/errorprone/net.ltgt.errorprone.gradle.plugin/4.1.0/net.ltgt.errorprone.gradle.plugin-4.1.0.pom |
Add license info to all the poms published by this repo.
e.g. (and an any other publish poms)
See https://maven.apache.org/pom.html#Licenses
Else this gets flagged for having no license.
The text was updated successfully, but these errors were encountered: