<licenses>
section of your POM.
>It's a modified 3-clause BSD license with an additional clause clarifying trademark use.
We have a registered trademark for Liquibase and we use Apache 2.0. They should update it or have the plugin removed.
--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-de...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CY4PR06MB29492448C43D2C96D2B2211183D30%40CY4PR06MB2949.namprd06.prod.outlook.com.
Maybe we should also start forcing an explicit license specification in pom.xml and LICENSE for future plugin POM versions (5.0?). It has been discussed a few times in the previous years, but IIRC we did not add mandatory checks
+1 for immediate depublishing. Usage of non-OSI licenses in plugins potentially causes legal risks for Jenkins users.
Maybe we should also start forcing an explicit license specification in pom.xml and LICENSE for future plugin POM versions (5.0?). It has been discussed a few times in the previous years, but IIRC we did not add mandatory checks
--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-de...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/f203c1b1-30a8-4cd4-ad90-8577b301e971%40googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CAPyTVp0ow20VCaJ7PdAhfBQYMdj4%3DBKz%2Bk-9LN8JdMU1SQMWLw%40mail.gmail.com.
the plugin can include many dependencies that are licensed differently (which is why the about page for a plugin shows much more than the top level license for a plugin).
Also i hate to say it but those pesky JavaScript libraries....
--
You received this message because you are subscribed to a topic in the Google Groups "Jenkins Developers" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/jenkinsci-dev/-KprgkVIDpQ/unsubscribe.
To unsubscribe from this group and all its topics, send an email to jenkinsci-de...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/a7b2e0ec-1f22-4a54-aab5-25cc5180cb8f%40googlegroups.com.
Well, we cannot have an ideal solution. IMO plugin maintainers are responsible to ensure that plugins they ship are compliant with license requirements of the dependencies they include.Some developer tooling would be great, but just imagine GPL or Zero-prosperity license included in a supposedly-MIT component.What we definitely need is do document our license requirements in https://www.jenkins.io/doc/developer and to explicitly state that the Jenkins Hosting team reserves right to immediately depublish plugin with severe license violations.BR, Oleg
On Mon, Apr 27, 2020 at 10:32 AM James Nord <james...@gmail.com> wrote:
the license in the pom only refers to source code in that repo, not the plugin.
the plugin can include many dependencies that are licensed differently (which is why the about page for a plugin shows much more than the top level license for a plugin).
Also i hate to say it but those pesky JavaScript libraries....
--
You received this message because you are subscribed to a topic in the Google Groups "Jenkins Developers" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/jenkinsci-dev/-KprgkVIDpQ/unsubscribe.
To unsubscribe from this group and all its topics, send an email to jenkin...@googlegroups.com.
> Well, we cannot have an ideal solution.--
iff you use the maven plugin-pom as your parent then we do correctly record licenses for the plugin including maven transitive dependencies.
we do not track javascript libs yet - but if any tooling looked at the plugin's hpi licenses.xml (plugin.hpi!/WEB-INF/licenses.xml) rather than the pom.xml then this info is available today. (and when javascript is correctly handled it would be done for free.
Now I have no idea what the gradle and other builders do (but it is probable not this)/James
On Monday, April 27, 2020 at 9:47:07 AM UTC+1, Oleg Nenashev wrote:Well, we cannot have an ideal solution. IMO plugin maintainers are responsible to ensure that plugins they ship are compliant with license requirements of the dependencies they include.Some developer tooling would be great, but just imagine GPL or Zero-prosperity license included in a supposedly-MIT component.What we definitely need is do document our license requirements in https://www.jenkins.io/doc/developer and to explicitly state that the Jenkins Hosting team reserves right to immediately depublish plugin with severe license violations.BR, OlegOn Mon, Apr 27, 2020 at 10:32 AM James Nord <james...@gmail.com> wrote:the license in the pom only refers to source code in that repo, not the plugin.
the plugin can include many dependencies that are licensed differently (which is why the about page for a plugin shows much more than the top level license for a plugin).
Also i hate to say it but those pesky JavaScript libraries....
--
You received this message because you are subscribed to a topic in the Google Groups "Jenkins Developers" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/jenkinsci-dev/-KprgkVIDpQ/unsubscribe.
To unsubscribe from this group and all its topics, send an email to jenkin...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/a7b2e0ec-1f22-4a54-aab5-25cc5180cb8f%40googlegroups.com.
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-de...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/12015cf1-3b3a-447b-8030-d62d91d4f4dd%40googlegroups.com.