Jenkins Plugin - License Policy


Manuel Jesús Recena Soto

Nov 3, 2017, 8:40:30 AM
to Jenkins Developers
Hello everyone,

I hope everything is going fine there.

Over the last days, Víctor Martinez and I have been working on analyzing the fulfillment of the Hosting Plugin Prerequisites, especially the part where the license requirement is described.

Copied and pasted:

Specify an open source license for your code (most plugins use MIT)
  • The Jenkins project does not host closed-source plugins
  • All of the dependencies of your plugin must also be open source-licensed
  • You should specify the license in the plugin metadata (e.g. pom.xml), but ideally also in a LICENSE file in the root of your repository
We have created and launched a script to list, at least, how many plugins (1) hosted in the Jenkins Organization are not meeting the prerequisites.
  • 1856 repositories were analyzed
  • 1644 repositories whose name ends in "-plugin"
  • 560 plugin repositories (of the above 1644) do not have a license section defined, either explicitly in their POM files or implicitly within their parent POM
  • 452 plugin repositories (of the above 560) don't have any LICENSE files either
From my point of view, I see two issues:
  • What does no license definition/declaration mean?
  • Those prerequisites are only a suggestion/recommendation, or the Jenkins project is simply not enforcing them.
In order to improve (or at least, change the current status) two different proposals were sent:
  1. Defining a default license (MIT License) in the plugin-pom: PR-85
  2. Defining a new EnforcerRule (RequireLicense) and using it in the plugin-pom: PR-86
This subject has sparked off a storm of controversy with some important contributors of this project.

(1) With the configuration based on Maven.

DISCLAIMER: I'm not a lawyer and my knowledge of these legal subjects is very limited.

Regards

--
Manuel Recena Soto
* manuelrecena.com [/blog]
* linkedin.com/in/recena

Baptiste Mathus

Nov 9, 2017, 11:45:48 AM
to Jenkins Developers

On Nov 3, 2017 13:40, "Manuel Jesús Recena Soto" <rec...@gmail.com> wrote:
> Hello everyone,
>
> I hope everything is going fine there.
>
> Over the last days, Víctor Martinez and I have been working on analyzing the fulfillment of the Hosting Plugin Prerequisites, especially the part where the license requirement is described.
>
> Copied and pasted:
>
> Specify an open source license for your code (most plugins use MIT)
>   • The Jenkins project does not host closed-source plugins
>   • All of the dependencies of your plugin must also be open source-licensed
>   • You should specify the license in the plugin metadata (e.g. pom.xml), but ideally also in a LICENSE file in the root of your repository
> We have created and launched a script to list, at least, how many plugins (1) hosted in the Jenkins Organization are not meeting the prerequisites.
>   • 1856 repositories were analyzed
>   • 1644 repositories whose name ends in "-plugin"
>   • 560 plugin repositories (of the above 1644) do not have a license section defined, either explicitly in their POM files or implicitly within their parent POM

Can you please share the script so that anyone can check this list?

IMO on that last case let's file a PR against the UC generation repo to exclude them from the UC. And let's discuss there for each line/plugin, and obviously then wait long enough for possible maintainers to fix it to get removed from the list.
This seems like a simple enough approach (?).

>   • 452 plugin repositories (of the above 560) don't have any LICENSE files either
> From my point of view, I see two issues:
>   • What does no license definition/declaration mean?

Proprietary/all rights reserved by default.
But well IANAL.

Now we need the list to assess the criticality IMO.

>   • Those prerequisites are only a suggestion/recommendation, or the Jenkins project is simply not enforcing them.

Well, there are two categories: the ones having been hosted years ago, and the more recent ones. I would be very surprised to see plugins recently hosted (recently=~less than 2 years) without a license.

> In order to improve (or at least, change the current status) two different proposals were sent:
>   1. Defining a default license (MIT License) in the plugin-pom: PR-85
>   2. Defining a new EnforcerRule (RequireLicense) and using it in the plugin-pom: PR-86

I am not totally sure, but I think there ought to be a JEP too.

> This subject has sparked off a storm of controversy with some important contributors of this project.
>
> (1) With the configuration based on Maven.
>
> DISCLAIMER: I'm not a lawyer and my knowledge of these legal subjects is very limited.
>
> Regards
>
> --
> Manuel Recena Soto
> * manuelrecena.com [/blog]
> * linkedin.com/in/recena


Victor Martinez

Nov 10, 2017, 5:40:30 AM
to Jenkins Developers
You can find the script in the below repo:

Just to clarify, it takes about 50 minutes (main reason: it looks for the license section in the pom.xml file; if it doesn't exist, then it expands the effective-pom and looks for the license section). It also looks for LICENSE files using the GH REST API.

Cheers
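
The check described in the message above, as an added example (not the script from the thread): it looks for a license section in a POM, falls back to the parent POM chain, then to a LICENSE file in the repository root. Assumptions: parent POMs are supplied in a dict as a stand-in for expanding the effective POM with Maven, root file names are passed in as a list instead of being fetched from the GitHub REST API, and all sample POMs and repository names are constructed.

```python
import xml.etree.ElementTree as ET

def _local(tag):  # drop the "{namespace}" prefix ElementTree puts on tags
    return tag.rsplit("}", 1)[-1]

def _child(elem, name):
    return next((c for c in elem if _local(c.tag) == name), None)

def _text(elem, name):
    c = _child(elem, name)
    return (c.text or "").strip() if c is not None else ""

def declared_licenses(pom_xml):
    """License names declared directly under <project><licenses>."""
    licenses = _child(ET.fromstring(pom_xml), "licenses")
    return [] if licenses is None else [n for n in (_text(l, "name") for l in licenses) if n]

def parent_key(pom_xml):  # "groupId:artifactId:version" of <parent>, or None
    parent = _child(ET.fromstring(pom_xml), "parent")
    if parent is None:
        return None
    return ":".join(_text(parent, f) for f in ("groupId", "artifactId", "version"))

def audit(pom_xml, root_files, parent_poms):
    """Classify a repository as 'pom', 'parent-pom', 'file-only' or 'none'."""
    if declared_licenses(pom_xml):
        return "pom"
    seen, key = set(), parent_key(pom_xml)
    while key in parent_poms and key not in seen:  # stop on unknown parent or cycle
        seen.add(key)
        if declared_licenses(parent_poms[key]):
            return "parent-pom"
        key = parent_key(parent_poms[key])
    # Assumption: any root file whose name starts with "license" counts.
    has_file = any(f.lower().startswith("license") for f in root_files)
    return "file-only" if has_file else "none"

# Constructed sample data, not real Jenkins plugins.
NS = 'xmlns="http://maven.apache.org/POM/4.0.0"'
MIT = "<licenses><license><name>MIT License</name></license></licenses>"
PARENT = "<parent><groupId>org.example</groupId><artifactId>base</artifactId><version>1</version></parent>"
PARENTS = {"org.example:base:1": f"<project {NS}>{MIT}</project>"}
REPOS = {
    "a-plugin": (f"<project {NS}>{MIT}</project>", ["pom.xml"]),
    "b-plugin": (f"<project {NS}>{PARENT}</project>", ["pom.xml"]),
    "c-plugin": (f"<project {NS}><licenses/></project>", ["pom.xml", "LICENSE.txt"]),
    "d-plugin": ("<project/>", ["pom.xml", "README.md"]),
}
RESULTS = {name: audit(pom, files, PARENTS) for name, (pom, files) in REPOS.items()}
print(RESULTS)
```

Repositories classified `file-only` or `none` correspond to the group of 560 in the thread (no license section in the POM or its parent), and `none` alone to the group of 452.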