highsource / jaxb-tools

The most advanced JAXB2 Maven Plugin for XML Schema compilation.

Licensing Situation #574

Open javahippie opened 2 weeks ago

javahippie commented 2 weeks ago

Hi,

I'm wondering about the license of the modules in this repository. The LICENSE file in the project root seems to be related to a BSD License, although it is not explicitly called that.

Some files in the repository are additionally licensed under the Apache 2.0 license via source headers, e.g. hyperjaxb/ejb/schemas/customizations/src/main/resources/config/maven-checks.xml or hyperjaxb/src/main/resources/config/maven-checks.xml

rdmueller commented 2 weeks ago

Aren't both licences quite open and free? I'm sure it would have been in Alexey's interest for everyone to be able to use this software however they wanted.

mattrpav commented 2 weeks ago

@javahippie are you requesting all licenses used to be listed in the LICENSE file?

javahippie commented 2 weeks ago

@rdmueller Yes, both licenses are pretty permissible :)

@mattrpav Thanks for the question, I realized I should have put more time into writing this issue, let me try again:

The LICENSE Text in the repository does not seem to adhere to (or explicitly mention) a standard license, although it seems to be a part of the FreeBSD license.

In the Maven central repo the license is listed as "BSD-Style License", and when using license scanning tools like trivy on a Java project, the license is mentioned as "Non Standard", which would be flagged by most licensing tools. While checking for source headers I saw these files mentioned under Apache License 2.0, which is not noted in the packaged artefacts and cannot be caught by license scanners.

As both licenses are pretty open, as @rdmueller already mentioned, this should not be a big issue, but if we wanted to include an SBOM or a similar list of dependencies with versions, we might not necessarily tell the whole truth, if I interpret the handling of OSS licenses correctly.

mattrpav commented 2 weeks ago

@javahippie that makes sense. This code base has been heavily modified and refactored since the new maintainers have taken over. I believe it is reasonable that we now have forked work and level-setting the license across the repo would be a good housekeeping item. I've kicked up a conversation with the maintainers and we'll make a task to level licensing notice and headers across the code base.

dev task: https://github.com/highsource/jaxb-tools/issues/575