Hello everyone,
I hope everything going fine there.
Over the last days,
Víctor Martinez and me, have been working on analyzing the
fulfillment of the Hosting Plugin Prerequisites. Especially the part where the license requirement is described.
Copied and pasted:
Specify an open source license for your code (most plugins use MIT)- The Jenkins project does not host closed-source plugins
- All of the dependencies of your plugin must also be open source-licensed
- You should specify the license in the plugin metadata (e.g.
pom.xml
), but ideally also in a LICENSE
file in the root of your repository
We have created and launched a script to list, at least, how many plugins (1) are hosted in the Jenkins Organization are not meeting the prerequisites.
- 1856 repositories were analyzed
- 1644 repositories of which their repository name ends in "-plugin"
- 560 plugin repositories (of the above 1644) do not have defined a license section either in their POM files explicitly or implicitly within their parent POM
- 452 plugin repositories (of the above 560) don't have any LICENSE files either
From my point of view, I see two issues:
- What does it mean no license definition/declaration?
- Those prerequisites are only a suggestion/recommendation or simply Jenkins project is not enforcing them.
In order to improve (or at least, change the current status) two different proposals were sent:
- Defining a default license (MIT License) in the plugin-pom: PR-85
- Defining a new EnforcerRule (RequireLicense) and using it in the plugin-pom: PR-86
This subject has sparked off a storm of controversy with some important contributors of this project.
(1) With the configuration based on Maven.
DISCLAIMER: I'm not a lawyer and my knowledge of these legal subjects is very limited.
Regards