Open yogurtearl opened 3 weeks ago
Out of curiosity, what tool will flag the plugin for having no license?
Any/all? Depending on how the tool is configured, these OSS tools generally assume it is copyrighted and proprietary with no license granted for use.
Some possible examples:
Do they really check build dependencies by default? (the first one doesn't at least) And is that really a global problem or more one for very strict environments? (or are you building and distributing a plugin that has this plugin as a dependency?)
(I mean, I'll do it as it should be easy, but am trying to understand the full story)
The OSS license compliance solutions that operate at the repo proxy level will block unlicensed deps.
i.e. if you have an OSS compliance solution on an internal maven-proxy.mycorp.com
it will block unknown licenses, denylist licenses and artifacts with no license.
The internal proxy doesn't know if the dep was a build dep or a production dep.
FYI, plugin marker artifacts won't have license information no matter what projects do, until Gradle fixes https://github.com/gradle/plugin-portal-requests/issues/212
That's only true for those which are published to the portal. Ones on standard places like Maven Central contain them like any other artifact.
Add license info to all the poms published by this repo.
e.g. (and any other published poms)
See https://maven.apache.org/pom.html#Licenses
Else this gets flagged for having no license.
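Added example, not part of the original thread or of any project's code: a sketch of the kind of check a license-compliance proxy like the one described in the discussion could run on a published POM, blocking artifacts with no license, a denylisted license or an unknown license. The allow/deny lists, the sample POMs and the function names are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed policy lists (assumptions, not taken from any real product).
ALLOWED = {"Apache-2.0", "MIT"}
DENIED = {"AGPL-3.0-only"}

# Constructed sample POMs. Real POMs from a repository are untrusted input;
# parse those with a hardened parser such as defusedxml.
POM_WITH_LICENSE = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>com.example</groupId>
  <artifactId>demo-plugin</artifactId>
  <version>1.0.0</version>
  <licenses>
    <license>
      <name>Apache-2.0</name>
      <url>https://www.apache.org/licenses/LICENSE-2.0.txt</url>
    </license>
  </licenses>
</project>"""

POM_WITHOUT_LICENSE = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>com.example</groupId>
  <artifactId>demo-plugin</artifactId>
  <version>1.0.0</version>
</project>"""


def license_names(pom_xml):
    """Return the non-empty <licenses>/<license>/<name> values of a POM."""
    root = ET.fromstring(pom_xml)
    names = []
    # "{*}" (Python 3.8+) matches the element with or without the POM namespace.
    for lic in root.findall("{*}licenses/{*}license"):
        name = (lic.findtext("{*}name") or "").strip()
        if name:
            names.append(name)
    return names


def verdict(pom_xml):
    """Apply the three blocking rules from the discussion, strictest first."""
    names = license_names(pom_xml)
    if not names:
        return "block: no license"
    if any(n in DENIED for n in names):
        return "block: denylisted license"
    if not all(n in ALLOWED for n in names):
        return "block: unknown license"
    return "allow"
```

Because the check sees only the POM, it gives the same verdict whether the artifact is a build dependency or a production dependency.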