Closed sneumann closed 2 years ago
Hi,
I integrated the spdx-maven-plugin, and it creates SPDX files during the normal maven livecycle. These SPDX files will not appear in the source repo, because they are generated files. This files would belong to a artifact if we would deploy to something like the maven central repository.
Not all of the generated SPDX files are perfect, because spdx-maven-plugin does not support multi module maven builds. It is also very likely that one has to use mvn install
once to deploy MassBank-lib to the local maven repo.
I took the opportunity to get all license related meta data straight in our repo and configured the maven license plugin. Now one can create a listing of the licenses for all dependencies with mvn license:aggregate-add-third-party
.
Fixed in/around eddc651feb8eec2cd1fe5bbe6a369dc72db9f2a5
I left a comment in the source, because the commit also contains several other changes.
It might be comparatively easy to create machine readable software license information https://linuxfoundation.org/press-release/spdx-becomes-internationally-recognized-standard-for-software-bill-of-materials/
using the Maven plugin https://github.com/spdx/spdx-maven-plugin
Yours, Steffen