Use of license-maven-plugin

[Fabian Christ <ch...@googlemail.com>]

Hi,

I have added the license-maven-plugin [1] to the parent and main
reactor POM. The goal is to generate overviews of all dependencies and
their licenses within the Stanbol code base [2].

When running 'mvn install' the plugin generates a
'DEPENDENCIES-BY-LICENSE' file in META-INF for each JAR. This file
lists all dependencies of the artifact grouped by licenses. This file
is also generated for the top level reactor POM. By this, we get an
overview of all dependencies and their licenses in
/target/maven-shared-archive-resources/META-INF/ after running 'mvn
install' from the root folder.

At the moment there is a large list of dependencies with unknown
licenses. To resolve the unknown licenses we have to edit the new
src/licenses/THIRD-PARTY.properties file you find in the source folder
of each artifact. This file is automatically generated and lists all
dependencies with unknown licenses. By adding the license information
to these files the problem gets solved.

For Stanbol releases we have to know the license of each dependency.
So unknown licenses are not allowed. I have configured the RAT profile
of Stanbol to raise a build failure if there are any unknown licenses.
The RAT profile is activated by 'mvn install -Prat'. This checks for
missing license headers in our source files and unknown licenses.

Hopefully, this helps us to resolve all license issues before doing a release.

[1] http://mojo.codehaus.org/license-maven-plugin/
[2] https://issues.apache.org/jira/browse/STANBOL-493

-- 
Fabian
http://twitter.com/fctwitt

Re: Use of license-maven-plugin

[Ali Anil Sinaci <a....@gmail.com>]

Hi Fabian,

Yes, I was using the 'rat' profile.

Thank you for the solution; using the timestamp version in the 
properties file makes the build success.

Best,
Anil.

On 02/16/2012 07:05 PM, Fabian Christ wrote:
> Hi,
>
> thinking about SNAPSHOT dependencies and licenses I came to the
> conclusion that it does not make much sense to define the license for
> SNAPSHOTs. Once we do a release we have to fix the license for the
> released version anyway. Additionally, the license of a SNAPSHOT may
> change at any time.
>
> Now, the maven-license-plugin has a bug handling SNAPSHOTs. In some
> cases you have to specify the timestamp version of the SNAPSHOT in the
> THIRD-PARTY.properties file.
>
> In your case Anil it would be
> script-engine-0.1-incubating-20120203.131915-85 instead of
> script-engine-0.1-incubating-SNAPSHOT. This works as long as their is
> no new SNAPSHOT version. So for a quick fix this is okay. We will have
> to change it once there is a stable Clerezza version.
>
> - Fabian
>
> Am 16. Februar 2012 17:27 schrieb Fabian Christ<ch...@googlemail.com>:
>> Hi,
>>
>> I just found out that the maven-license-plugin has problems with
>> SNAPSHOT dependencies if they are internally resolved to some version
>> number like at.newmedialab.ldpath--ldpath-core-bundle--0.9.4-20120123.115045-3
>> instead of at.newmedialab.ldpath--ldpath-core-bundle--0.9.4-SNAPSHOT.
>> This may be the same problem as with some Clerezza SNASPHOT
>> dependencies.
>>
>> Now I am looking for a workaround to this problem.
>>
>> - Fabian
>>
>> Am 16. Februar 2012 17:16 schrieb Fabian Christ<ch...@googlemail.com>:
>>> Hi Anil,
>>>
>>> I assume you use the 'rat' profile.
>>>
>>> I think you did everything right. But I'm currently also facing
>>> similar problems with this plugin. Some dependencies seem not to be
>>> handled correctly. I am currently figuring out why this happens but
>>> maybe this plugin has some bugs that make it unusable.
>>>
>>> Best,
>>>   - Fabian
>>>
>>> Am 16. Februar 2012 17:07 schrieb Ali Anil Sinaci<a....@gmail.com>:
>>>> Hi,
>>>>
>>>> When I run the plugin on Contenthub, I receive error for the following
>>>> dependency:
>>>> org.apache.clerezza.scala--script-engine--0.1-incubating-SNAPSHOT
>>>>
>>>> After I indicate that this is "Apache Software License - Version 2.0" in the
>>>> associated THIRD-PARTY.properties file:
>>>>
>>>> org.apache.clerezza.scala--script-engine--0.1-incubating-SNAPSHOT=The Apache
>>>> Software License, Version 2.0
>>>>
>>>> and run it again, it still gives the same error and removes the information
>>>> that I entered:
>>>> org.apache.clerezza.scala--script-engine--0.1-incubating-SNAPSHOT=
>>>>
>>>> When I look into the jar file of
>>>> org.apache.clerezza.scala--script-engine--0.1-incubating-SNAPSHOT, I cannot
>>>> see any licence information. Can this be the cause of the problem? Does
>>>> anyone have any idea in this?
>>>>
>>>> Thanks,
>>>> Anil.
>>>>
>>>>
>>>>
>>>> On 02/15/2012 09:42 PM, Fabian Christ wrote:
>>>>> Hi,
>>>>>
>>>>> I have added the license-maven-plugin [1] to the parent and main
>>>>> reactor POM. The goal is to generate overviews of all dependencies and
>>>>> their licenses within the Stanbol code base [2].
>>>>>
>>>>> When running 'mvn install' the plugin generates a
>>>>> 'DEPENDENCIES-BY-LICENSE' file in META-INF for each JAR. This file
>>>>> lists all dependencies of the artifact grouped by licenses. This file
>>>>> is also generated for the top level reactor POM. By this, we get an
>>>>> overview of all dependencies and their licenses in
>>>>> /target/maven-shared-archive-resources/META-INF/ after running 'mvn
>>>>> install' from the root folder.
>>>>>
>>>>> At the moment there is a large list of dependencies with unknown
>>>>> licenses. To resolve the unknown licenses we have to edit the new
>>>>> src/licenses/THIRD-PARTY.properties file you find in the source folder
>>>>> of each artifact. This file is automatically generated and lists all
>>>>> dependencies with unknown licenses. By adding the license information
>>>>> to these files the problem gets solved.
>>>>>
>>>>> For Stanbol releases we have to know the license of each dependency.
>>>>> So unknown licenses are not allowed. I have configured the RAT profile
>>>>> of Stanbol to raise a build failure if there are any unknown licenses.
>>>>> The RAT profile is activated by 'mvn install -Prat'. This checks for
>>>>> missing license headers in our source files and unknown licenses.
>>>>>
>>>>> Hopefully, this helps us to resolve all license issues before doing a
>>>>> release.
>>>>>
>>>>> [1] http://mojo.codehaus.org/license-maven-plugin/
>>>>> [2] https://issues.apache.org/jira/browse/STANBOL-493
>>>>>
>>>
>>>
>>> --
>>> Fabian
>>> http://twitter.com/fctwitt
>>
>>
>> --
>> Fabian
>> http://twitter.com/fctwitt
>
>

Re: Use of license-maven-plugin

[Fabian Christ <ch...@googlemail.com>]

Hi,

thinking about SNAPSHOT dependencies and licenses I came to the
conclusion that it does not make much sense to define the license for
SNAPSHOTs. Once we do a release we have to fix the license for the
released version anyway. Additionally, the license of a SNAPSHOT may
change at any time.

Now, the maven-license-plugin has a bug handling SNAPSHOTs. In some
cases you have to specify the timestamp version of the SNAPSHOT in the
THIRD-PARTY.properties file.

In your case Anil it would be
script-engine-0.1-incubating-20120203.131915-85 instead of
script-engine-0.1-incubating-SNAPSHOT. This works as long as their is
no new SNAPSHOT version. So for a quick fix this is okay. We will have
to change it once there is a stable Clerezza version.

- Fabian

Am 16. Februar 2012 17:27 schrieb Fabian Christ <ch...@googlemail.com>:
> Hi,
>
> I just found out that the maven-license-plugin has problems with
> SNAPSHOT dependencies if they are internally resolved to some version
> number like at.newmedialab.ldpath--ldpath-core-bundle--0.9.4-20120123.115045-3
> instead of at.newmedialab.ldpath--ldpath-core-bundle--0.9.4-SNAPSHOT.
> This may be the same problem as with some Clerezza SNASPHOT
> dependencies.
>
> Now I am looking for a workaround to this problem.
>
> - Fabian
>
> Am 16. Februar 2012 17:16 schrieb Fabian Christ <ch...@googlemail.com>:
>> Hi Anil,
>>
>> I assume you use the 'rat' profile.
>>
>> I think you did everything right. But I'm currently also facing
>> similar problems with this plugin. Some dependencies seem not to be
>> handled correctly. I am currently figuring out why this happens but
>> maybe this plugin has some bugs that make it unusable.
>>
>> Best,
>>  - Fabian
>>
>> Am 16. Februar 2012 17:07 schrieb Ali Anil Sinaci <a....@gmail.com>:
>>> Hi,
>>>
>>> When I run the plugin on Contenthub, I receive error for the following
>>> dependency:
>>> org.apache.clerezza.scala--script-engine--0.1-incubating-SNAPSHOT
>>>
>>> After I indicate that this is "Apache Software License - Version 2.0" in the
>>> associated THIRD-PARTY.properties file:
>>>
>>> org.apache.clerezza.scala--script-engine--0.1-incubating-SNAPSHOT=The Apache
>>> Software License, Version 2.0
>>>
>>> and run it again, it still gives the same error and removes the information
>>> that I entered:
>>> org.apache.clerezza.scala--script-engine--0.1-incubating-SNAPSHOT=
>>>
>>> When I look into the jar file of
>>> org.apache.clerezza.scala--script-engine--0.1-incubating-SNAPSHOT, I cannot
>>> see any licence information. Can this be the cause of the problem? Does
>>> anyone have any idea in this?
>>>
>>> Thanks,
>>> Anil.
>>>
>>>
>>>
>>> On 02/15/2012 09:42 PM, Fabian Christ wrote:
>>>>
>>>> Hi,
>>>>
>>>> I have added the license-maven-plugin [1] to the parent and main
>>>> reactor POM. The goal is to generate overviews of all dependencies and
>>>> their licenses within the Stanbol code base [2].
>>>>
>>>> When running 'mvn install' the plugin generates a
>>>> 'DEPENDENCIES-BY-LICENSE' file in META-INF for each JAR. This file
>>>> lists all dependencies of the artifact grouped by licenses. This file
>>>> is also generated for the top level reactor POM. By this, we get an
>>>> overview of all dependencies and their licenses in
>>>> /target/maven-shared-archive-resources/META-INF/ after running 'mvn
>>>> install' from the root folder.
>>>>
>>>> At the moment there is a large list of dependencies with unknown
>>>> licenses. To resolve the unknown licenses we have to edit the new
>>>> src/licenses/THIRD-PARTY.properties file you find in the source folder
>>>> of each artifact. This file is automatically generated and lists all
>>>> dependencies with unknown licenses. By adding the license information
>>>> to these files the problem gets solved.
>>>>
>>>> For Stanbol releases we have to know the license of each dependency.
>>>> So unknown licenses are not allowed. I have configured the RAT profile
>>>> of Stanbol to raise a build failure if there are any unknown licenses.
>>>> The RAT profile is activated by 'mvn install -Prat'. This checks for
>>>> missing license headers in our source files and unknown licenses.
>>>>
>>>> Hopefully, this helps us to resolve all license issues before doing a
>>>> release.
>>>>
>>>> [1] http://mojo.codehaus.org/license-maven-plugin/
>>>> [2] https://issues.apache.org/jira/browse/STANBOL-493
>>>>
>>>
>>
>>
>>
>> --
>> Fabian
>> http://twitter.com/fctwitt
>
>
>
> --
> Fabian
> http://twitter.com/fctwitt



-- 
Fabian
http://twitter.com/fctwitt

Re: Use of license-maven-plugin

[Fabian Christ <ch...@googlemail.com>]

Hi,

I just found out that the maven-license-plugin has problems with
SNAPSHOT dependencies if they are internally resolved to some version
number like at.newmedialab.ldpath--ldpath-core-bundle--0.9.4-20120123.115045-3
instead of at.newmedialab.ldpath--ldpath-core-bundle--0.9.4-SNAPSHOT.
This may be the same problem as with some Clerezza SNASPHOT
dependencies.

Now I am looking for a workaround to this problem.

- Fabian

Am 16. Februar 2012 17:16 schrieb Fabian Christ <ch...@googlemail.com>:
> Hi Anil,
>
> I assume you use the 'rat' profile.
>
> I think you did everything right. But I'm currently also facing
> similar problems with this plugin. Some dependencies seem not to be
> handled correctly. I am currently figuring out why this happens but
> maybe this plugin has some bugs that make it unusable.
>
> Best,
>  - Fabian
>
> Am 16. Februar 2012 17:07 schrieb Ali Anil Sinaci <a....@gmail.com>:
>> Hi,
>>
>> When I run the plugin on Contenthub, I receive error for the following
>> dependency:
>> org.apache.clerezza.scala--script-engine--0.1-incubating-SNAPSHOT
>>
>> After I indicate that this is "Apache Software License - Version 2.0" in the
>> associated THIRD-PARTY.properties file:
>>
>> org.apache.clerezza.scala--script-engine--0.1-incubating-SNAPSHOT=The Apache
>> Software License, Version 2.0
>>
>> and run it again, it still gives the same error and removes the information
>> that I entered:
>> org.apache.clerezza.scala--script-engine--0.1-incubating-SNAPSHOT=
>>
>> When I look into the jar file of
>> org.apache.clerezza.scala--script-engine--0.1-incubating-SNAPSHOT, I cannot
>> see any licence information. Can this be the cause of the problem? Does
>> anyone have any idea in this?
>>
>> Thanks,
>> Anil.
>>
>>
>>
>> On 02/15/2012 09:42 PM, Fabian Christ wrote:
>>>
>>> Hi,
>>>
>>> I have added the license-maven-plugin [1] to the parent and main
>>> reactor POM. The goal is to generate overviews of all dependencies and
>>> their licenses within the Stanbol code base [2].
>>>
>>> When running 'mvn install' the plugin generates a
>>> 'DEPENDENCIES-BY-LICENSE' file in META-INF for each JAR. This file
>>> lists all dependencies of the artifact grouped by licenses. This file
>>> is also generated for the top level reactor POM. By this, we get an
>>> overview of all dependencies and their licenses in
>>> /target/maven-shared-archive-resources/META-INF/ after running 'mvn
>>> install' from the root folder.
>>>
>>> At the moment there is a large list of dependencies with unknown
>>> licenses. To resolve the unknown licenses we have to edit the new
>>> src/licenses/THIRD-PARTY.properties file you find in the source folder
>>> of each artifact. This file is automatically generated and lists all
>>> dependencies with unknown licenses. By adding the license information
>>> to these files the problem gets solved.
>>>
>>> For Stanbol releases we have to know the license of each dependency.
>>> So unknown licenses are not allowed. I have configured the RAT profile
>>> of Stanbol to raise a build failure if there are any unknown licenses.
>>> The RAT profile is activated by 'mvn install -Prat'. This checks for
>>> missing license headers in our source files and unknown licenses.
>>>
>>> Hopefully, this helps us to resolve all license issues before doing a
>>> release.
>>>
>>> [1] http://mojo.codehaus.org/license-maven-plugin/
>>> [2] https://issues.apache.org/jira/browse/STANBOL-493
>>>
>>
>
>
>
> --
> Fabian
> http://twitter.com/fctwitt



-- 
Fabian
http://twitter.com/fctwitt

Re: Use of license-maven-plugin

[Fabian Christ <ch...@googlemail.com>]

Hi Anil,

I assume you use the 'rat' profile.

I think you did everything right. But I'm currently also facing
similar problems with this plugin. Some dependencies seem not to be
handled correctly. I am currently figuring out why this happens but
maybe this plugin has some bugs that make it unusable.

Best,
 - Fabian

Am 16. Februar 2012 17:07 schrieb Ali Anil Sinaci <a....@gmail.com>:
> Hi,
>
> When I run the plugin on Contenthub, I receive error for the following
> dependency:
> org.apache.clerezza.scala--script-engine--0.1-incubating-SNAPSHOT
>
> After I indicate that this is "Apache Software License - Version 2.0" in the
> associated THIRD-PARTY.properties file:
>
> org.apache.clerezza.scala--script-engine--0.1-incubating-SNAPSHOT=The Apache
> Software License, Version 2.0
>
> and run it again, it still gives the same error and removes the information
> that I entered:
> org.apache.clerezza.scala--script-engine--0.1-incubating-SNAPSHOT=
>
> When I look into the jar file of
> org.apache.clerezza.scala--script-engine--0.1-incubating-SNAPSHOT, I cannot
> see any licence information. Can this be the cause of the problem? Does
> anyone have any idea in this?
>
> Thanks,
> Anil.
>
>
>
> On 02/15/2012 09:42 PM, Fabian Christ wrote:
>>
>> Hi,
>>
>> I have added the license-maven-plugin [1] to the parent and main
>> reactor POM. The goal is to generate overviews of all dependencies and
>> their licenses within the Stanbol code base [2].
>>
>> When running 'mvn install' the plugin generates a
>> 'DEPENDENCIES-BY-LICENSE' file in META-INF for each JAR. This file
>> lists all dependencies of the artifact grouped by licenses. This file
>> is also generated for the top level reactor POM. By this, we get an
>> overview of all dependencies and their licenses in
>> /target/maven-shared-archive-resources/META-INF/ after running 'mvn
>> install' from the root folder.
>>
>> At the moment there is a large list of dependencies with unknown
>> licenses. To resolve the unknown licenses we have to edit the new
>> src/licenses/THIRD-PARTY.properties file you find in the source folder
>> of each artifact. This file is automatically generated and lists all
>> dependencies with unknown licenses. By adding the license information
>> to these files the problem gets solved.
>>
>> For Stanbol releases we have to know the license of each dependency.
>> So unknown licenses are not allowed. I have configured the RAT profile
>> of Stanbol to raise a build failure if there are any unknown licenses.
>> The RAT profile is activated by 'mvn install -Prat'. This checks for
>> missing license headers in our source files and unknown licenses.
>>
>> Hopefully, this helps us to resolve all license issues before doing a
>> release.
>>
>> [1] http://mojo.codehaus.org/license-maven-plugin/
>> [2] https://issues.apache.org/jira/browse/STANBOL-493
>>
>



-- 
Fabian
http://twitter.com/fctwitt

Re: Use of license-maven-plugin

[Ali Anil Sinaci <a....@gmail.com>]

Hi,

When I run the plugin on Contenthub, I receive error for the following 
dependency:
org.apache.clerezza.scala--script-engine--0.1-incubating-SNAPSHOT

After I indicate that this is "Apache Software License - Version 2.0" in 
the associated THIRD-PARTY.properties file:

org.apache.clerezza.scala--script-engine--0.1-incubating-SNAPSHOT=The 
Apache Software License, Version 2.0

and run it again, it still gives the same error and removes the 
information that I entered:
org.apache.clerezza.scala--script-engine--0.1-incubating-SNAPSHOT=

When I look into the jar file of 
org.apache.clerezza.scala--script-engine--0.1-incubating-SNAPSHOT, I 
cannot see any licence information. Can this be the cause of the 
problem? Does anyone have any idea in this?

Thanks,
Anil.


On 02/15/2012 09:42 PM, Fabian Christ wrote:
> Hi,
>
> I have added the license-maven-plugin [1] to the parent and main
> reactor POM. The goal is to generate overviews of all dependencies and
> their licenses within the Stanbol code base [2].
>
> When running 'mvn install' the plugin generates a
> 'DEPENDENCIES-BY-LICENSE' file in META-INF for each JAR. This file
> lists all dependencies of the artifact grouped by licenses. This file
> is also generated for the top level reactor POM. By this, we get an
> overview of all dependencies and their licenses in
> /target/maven-shared-archive-resources/META-INF/ after running 'mvn
> install' from the root folder.
>
> At the moment there is a large list of dependencies with unknown
> licenses. To resolve the unknown licenses we have to edit the new
> src/licenses/THIRD-PARTY.properties file you find in the source folder
> of each artifact. This file is automatically generated and lists all
> dependencies with unknown licenses. By adding the license information
> to these files the problem gets solved.
>
> For Stanbol releases we have to know the license of each dependency.
> So unknown licenses are not allowed. I have configured the RAT profile
> of Stanbol to raise a build failure if there are any unknown licenses.
> The RAT profile is activated by 'mvn install -Prat'. This checks for
> missing license headers in our source files and unknown licenses.
>
> Hopefully, this helps us to resolve all license issues before doing a release.
>
> [1] http://mojo.codehaus.org/license-maven-plugin/
> [2] https://issues.apache.org/jira/browse/STANBOL-493
>