Open robert-gdv opened 3 months ago
Hmm they are repackaged as shades on the original, no more than any other shading library in the same, The shade I do believe is meant to merge the licenses and include them all,
V1 also closed, prime faces isn't being brought into v2 in favor of modular alternatives :)
If you do find any legit misses though definitely please let me know, I'll check on the v2 snapshots to make sure it's being correctly 👍 Any assistance on correcting would also be greatly appreciated 👏
There seems to be a structural problem: Some more bad licenses after a quick browse: https://mvnrepository.com/artifact/com.guicedee.services/undertow-core/1.2.2.1 -> GPL3.0 https://mvnrepository.com/artifact/io.undertow/undertow-core/2.3.13.Final -> Apache 2.0
https://mvnrepository.com/artifact/com.guicedee.services/commons-lang3/1.2.2.1 -> GPL3.0 https://mvnrepository.com/artifact/org.apache.commons/commons-lang3 -> Apache 2.0
Maybe the issue arises, because this repository is tagged as GPL3.0 and then taken as "default"? It might be more helpful, if you split the repository. That way you could individually flag them with the correct license.
But I have no Idea and I am not using your lib. I am just seeing issues popping up elsewhere because of your unintended re-licensing with the "complicated" GPLv3.0.
This repository contains many libraries repackaged and published in maven central.
But this project declares a different License (GPLv3.0) that many of the included projects. GPLv3.0 is also intentionally not used for many projects because it renders the libraries practically unusable.
I doubt that you have the permission to republish their content with a different license.
This is also true for all the maven packages flagged as GPLv3.0.
e.g.: https://mvnrepository.com/artifact/org.primefaces/primefaces/12.0.0 - MIT https://mvnrepository.com/artifact/com.guicedee.services/primefaces/1.2.1.1-jre17 - GPLv3
Technically this causes an issue for my vulnerability scanner, because files in this repository are now paranoidly flagged as GPLv3.0, even if they were published with a "nicer" license by their original projects.