jk1 / Gradle-License-Report

A plugin for generating reports about the licenses of third party software using Gradle

Wrong license determined for `com.sun.activation:jakarta.activation:1.2.2` #213

Open jochenberger opened 3 years ago

jochenberger commented 3 years ago

Consider the following Gradle build:

```groovy
plugins {
  id 'java'
  id 'com.github.jk1.dependency-license-report' version '1.16'
}

repositories {
  mavenCentral()
}

dependencies {
  implementation 'com.sun.activation:jakarta.activation:1.2.2'
}
```

Running `./gradlew -i generateLicenseReport` outputs the following:

```
...
Processing configuration [configuration ':runtimeClasspath'], configuration will be resolved
Processing dependencies for configuration [configuration ':runtimeClasspath']: com.sun.activation:jakarta.activation:1.2.2;runtime
Processing artifact: jakarta.activation-1.2.2.jar (com.sun.activation:jakarta.activation:1.2.2) (/home/jochen/.gradle/caches/modules-2/files-2.1/com.sun.activation/jakarta.activation/1.2.2/74548703f9851017ce2f556066659438019e7eb5/jakarta.activation-1.2.2.jar)
Returning pom data: <com.github.jk1.license.PomData@ee7eec08 name=Jakarta Activation description= projectUrl= inceptionYear= licenses=[com.github.jk1.license.License(EDL 1.0, http://www.eclipse.org/org/documents/edl-v10.php), com.github.jk1.license.License(Eclipse Public License v. 2.0, https://www.eclipse.org/org/documents/epl-2.0/EPL-2.0.txt), com.github.jk1.license.License(GNU General Public License, version 2 with the GNU Classpath Exception, https://www.gnu.org/software/classpath/license.html)] organization=com.github.jk1.license.PomOrganization(Eclipse Foundation, https://www.eclipse.org) developers=[]>
Returning manifest data: <com.github.jk1.license.ManifestData@de7a4e80 name=Jakarta Activation version=1.2.2 description=Jakarta Activation vendor=Eclipse Foundation url=https://www.eclipse.org license=null licenseUrl=http://www.eclipse.org/org/documents/edl-v10.php hasPackagedLicense=false>
...
```

The project is licensed under the EDL 1.0 (https://mvnrepository.com/artifact/com.sun.activation/jakarta.activation/1.2.2). The POM does not seem to contain any licensing information. Why does the pom data contain GPL2+Classpath?

jochenberger commented 3 years ago

I just noticed that the other licenses come from the module's "grandparent" (https://mvnrepository.com/artifact/org.eclipse.ee4j/project/1.0.6). So the ancestors' licenses are also relevant, even if they have `<packaging>pom</packaging>`?
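
The question raised in this thread, as an added example (not code from the plugin or from the commenter): it walks a POM parent chain and compares two ways of deriving a module's licenses, so that each license in a report can be traced to the POM that declares it. The three POMs are constructed, the artifact names `leaf`, `parent` and `grandparent` and all function names are hypothetical, and the "nearest declaring POM wins" rule is stated as an assumption about Maven's own inheritance of `<licenses>`, not as the plugin's behaviour.

```python
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}

def pom(artifact, parent=None, licenses=()):
    """Build a minimal, constructed POM document (hypothetical helper)."""
    parent_xml = f"<parent><artifactId>{parent}</artifactId></parent>" if parent else ""
    lic = "".join(f"<license><name>{n}</name></license>" for n in licenses)
    lic_xml = f"<licenses>{lic}</licenses>" if licenses else ""
    return (f'<project xmlns="{NS["m"]}">{parent_xml}'
            f"<artifactId>{artifact}</artifactId>{lic_xml}</project>")

# Constructed sample chain: the leaf module declares no license itself.
POMS = {
    "leaf": pom("leaf", parent="parent"),
    "parent": pom("parent", parent="grandparent", licenses=["EDL 1.0"]),
    "grandparent": pom("grandparent", licenses=[
        "Eclipse Public License v. 2.0",
        "GNU General Public License, version 2 with the GNU Classpath Exception",
    ]),
}

def chain(artifact_id, poms):
    """Yield (artifactId, [license names]) from the module up to the root POM."""
    while artifact_id:
        root = ET.fromstring(poms[artifact_id])
        names = [e.text for e in root.findall("m:licenses/m:license/m:name", NS)]
        yield artifact_id, names
        parent = root.find("m:parent/m:artifactId", NS)
        artifact_id = parent.text if parent is not None else None

def merged_licenses(artifact_id, poms):
    """Every license declared anywhere in the ancestor chain, with its origin."""
    return [(n, origin) for origin, names in chain(artifact_id, poms) for n in names]

def nearest_licenses(artifact_id, poms):
    """Only the licenses of the closest POM that declares any (assumed Maven rule)."""
    for origin, names in chain(artifact_id, poms):
        if names:
            return [(n, origin) for n in names]
    return []

if __name__ == "__main__":
    for label, fn in (("merged", merged_licenses), ("nearest", nearest_licenses)):
        print(label)
        for name, origin in fn("leaf", POMS):
            print(f"  {name}  <- declared in {origin}")
```

Recording the declaring POM next to each license makes it visible when a copyleft entry in a report comes from a `pom`-packaged ancestor rather than from the artifact itself.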